multicorn-shield 0.13.0 → 1.0.0

package/dist/multicorn-shield.js

@@ -1,14 +1,756 @@
 #!/usr/bin/env node
-import { readFile, mkdir, writeFile } from 'fs/promises';
+import { existsSync, statSync } from 'fs';
+import { readFile, mkdir, writeFile, copyFile, chmod, unlink } from 'fs/promises';
 import { join, dirname } from 'path';
-import 'fs';
 import { homedir } from 'os';
-import 'url';
-import 'readline';
+import { fileURLToPath } from 'url';
+import { createInterface } from 'readline';
+import { spawn } from 'child_process';
+import { createHash } from 'crypto';
+import 'stream';
 
+var style = {
+  violet: (s) => `\x1B[38;2;124;58;237m${s}\x1B[0m`,
+  violetLight: (s) => `\x1B[38;2;167;139;250m${s}\x1B[0m`,
+  green: (s) => `\x1B[38;2;34;197;94m${s}\x1B[0m`,
+  yellow: (s) => `\x1B[38;2;245;158;11m${s}\x1B[0m`,
+  red: (s) => `\x1B[38;2;239;68;68m${s}\x1B[0m`,
+  cyan: (s) => `\x1B[38;2;6;182;212m${s}\x1B[0m`,
+  bold: (s) => `\x1B[1m${s}\x1B[0m`,
+  dim: (s) => `\x1B[2m${s}\x1B[0m`
+};
+var BANNER = [
+  " \u2588\u2588\u2588 \u2588  \u2588 \u2588 \u2588\u2588\u2588 \u2588   \u2588\u2588\u2584 ",
+  " \u2588   \u2588  \u2588 \u2588 \u2588   \u2588   \u2588  \u2588",
+  " \u2588\u2588\u2588 \u2588\u2588\u2588\u2588 \u2588 \u2588\u2588  \u2588   \u2588  \u2588",
+  "   \u2588 \u2588  \u2588 \u2588 \u2588   \u2588   \u2588  \u2588",
+  " \u2588\u2588\u2588 \u2588  \u2588 \u2588 \u2588\u2588\u2588 \u2588\u2588\u2588 \u2588\u2588\u2580 "
+].map((line) => style.violet(line)).join("\n");
+function withSpinner(message) {
+  const frames = ["\u280B", "\u2819", "\u2839", "\u2838", "\u283C", "\u2834", "\u2826", "\u2827", "\u2807", "\u280F"];
+  let i = 0;
+  const interval = setInterval(() => {
+    const frame = frames[i % frames.length];
+    process.stderr.write(`\r${style.violet(frame ?? "\u280B")} ${message}`);
+    i++;
+  }, 80);
+  return {
+    stop(success, result) {
+      clearInterval(interval);
+      const icon = success ? style.green("\u2713") : style.red("\u2717");
+      process.stderr.write(`\r\x1B[2K${icon} ${result}
+`);
+    }
+  };
+}
+var NativePluginPrerequisiteMissingError = class extends Error {
+  constructor() {
+    super("Native plugin prerequisites not met");
+    this.name = "NativePluginPrerequisiteMissingError";
+  }
+};
+function isExistingDirectory(path) {
+  try {
+    if (!existsSync(path)) return false;
+    return statSync(path).isDirectory();
+  } catch {
+    return false;
+  }
+}
+function nativePluginSkippedSaveNote(wizardCommand, productName) {
+  return "\n" + style.dim("Your agent config has been saved. Run ") + style.cyan(wizardCommand) + style.dim(` again after installing ${productName} to complete hook setup.`) + "\n";
+}
 var CONFIG_DIR = join(homedir(), ".multicorn");
-join(CONFIG_DIR, "config.json");
-join(homedir(), ".openclaw", "openclaw.json");
+var CONFIG_PATH = join(CONFIG_DIR, "config.json");
+var OPENCLAW_CONFIG_PATH = join(homedir(), ".openclaw", "openclaw.json");
+var ANSI_PATTERN = new RegExp(String.fromCharCode(27) + "\\[[0-9;]*[a-zA-Z]", "g");
+function stripAnsi(str) {
+  return str.replace(ANSI_PATTERN, "");
+}
+function normalizeAgentName(raw) {
+  return raw.toLowerCase().replace(/\s+/g, "-").replace(/[^a-z0-9-]/g, "").replace(/-{2,}/g, "-").replace(/^-+|-+$/g, "").slice(0, 50);
+}
+function isErrnoException(e) {
+  return typeof e === "object" && e !== null && "code" in e;
+}
+function isProxyConfig(value) {
+  if (typeof value !== "object" || value === null) return false;
+  const obj = value;
+  return typeof obj["apiKey"] === "string" && typeof obj["baseUrl"] === "string";
+}
+function isAgentEntry(value) {
+  if (typeof value !== "object" || value === null) return false;
+  const o = value;
+  return typeof o["name"] === "string" && typeof o["platform"] === "string";
+}
+function getAgentByPlatform(config, platform) {
+  const list = config.agents;
+  if (list === void 0 || list.length === 0) return void 0;
+  return list.find((a) => a.platform === platform);
+}
+function getDefaultAgent(config) {
+  const list = config.agents;
+  if (list === void 0 || list.length === 0) return void 0;
+  const defName = config.defaultAgent;
+  if (typeof defName === "string" && defName.length > 0) {
+    const match = list.find((a) => a.name === defName);
+    if (match !== void 0) return match;
+  }
+  return list[0];
+}
+function collectAgentsFromConfig(cfg) {
+  if (cfg === null) return [];
+  if (cfg.agents !== void 0 && cfg.agents.length > 0) {
+    return cfg.agents.map((a) => ({ name: a.name, platform: a.platform }));
+  }
+  const raw = cfg;
+  const legacyName = raw["agentName"];
+  const legacyPlatform = raw["platform"];
+  if (typeof legacyName === "string" && legacyName.length > 0) {
+    const plat = typeof legacyPlatform === "string" && legacyPlatform.length > 0 ? legacyPlatform : "unknown";
+    return [{ name: legacyName, platform: plat }];
+  }
+  return [];
+}
+async function parseConfigFile() {
+  try {
+    const raw = await readFile(CONFIG_PATH, "utf8");
+    try {
+      return { kind: "ok", value: JSON.parse(raw) };
+    } catch {
+      return { kind: "parseError" };
+    }
+  } catch (error) {
+    if (isErrnoException(error) && error.code === "ENOENT") {
+      return { kind: "missing" };
+    }
+    const message = error instanceof Error ? error.message : String(error);
+    return { kind: "readError", message };
+  }
+}
+function isAllowedShieldApiBaseUrl(url) {
+  return url.startsWith("https://") || url.startsWith("http://localhost") || url.startsWith("http://127.0.0.1");
+}
+async function loadConfig() {
+  const result = await parseConfigFile();
+  if (result.kind !== "ok") return null;
+  const parsed = result.value;
+  if (!isProxyConfig(parsed)) return null;
+  const obj = parsed;
+  const agentNameRaw = obj["agentName"];
+  const agentsRaw = obj["agents"];
+  const hasNonEmptyAgents = Array.isArray(agentsRaw) && agentsRaw.length > 0 && agentsRaw.every((e) => isAgentEntry(e));
+  const needsMigrate = typeof agentNameRaw === "string" && agentNameRaw.length > 0 && !hasNonEmptyAgents;
+  if (!needsMigrate) {
+    return parsed;
+  }
+  const platform = typeof obj["platform"] === "string" && obj["platform"].length > 0 ? obj["platform"] : "unknown";
+  const next = { ...obj };
+  delete next["agentName"];
+  delete next["platform"];
+  next["agents"] = [{ name: agentNameRaw, platform }];
+  next["defaultAgent"] = agentNameRaw;
+  const migrated = next;
+  await saveConfig(migrated);
+  return migrated;
+}
+async function readBaseUrlFromConfig() {
+  const result = await parseConfigFile();
+  if (result.kind === "missing") return void 0;
+  if (result.kind === "readError") {
+    process.stderr.write(
+      style.yellow(`Warning: could not read base URL from config file: ${result.message}`) + "\n"
+    );
+    return void 0;
+  }
+  if (result.kind === "parseError") {
+    process.stderr.write(
+      style.yellow("Warning: could not parse ~/.multicorn/config.json as JSON.") + "\n"
+    );
+    return void 0;
+  }
+  const parsed = result.value;
+  if (typeof parsed !== "object" || parsed === null) return void 0;
+  const u = parsed["baseUrl"];
+  if (typeof u !== "string" || u.length === 0) return void 0;
+  return u;
+}
+async function deleteAgentByName(name) {
+  const config = await loadConfig();
+  if (config === null) return false;
+  const agents = collectAgentsFromConfig(config);
+  const idx = agents.findIndex((a) => a.name === name);
+  if (idx === -1) return false;
+  const nextAgents = agents.filter((_, i) => i !== idx);
+  let defaultAgent = config.defaultAgent;
+  if (defaultAgent === name) {
+    defaultAgent = void 0;
+  }
+  const raw = { ...config };
+  if (nextAgents.length > 0) {
+    raw["agents"] = nextAgents;
+  } else {
+    delete raw["agents"];
+  }
+  if (defaultAgent !== void 0 && defaultAgent.length > 0) {
+    raw["defaultAgent"] = defaultAgent;
+  } else {
+    delete raw["defaultAgent"];
+  }
+  await saveConfig(raw);
+  return true;
+}
+async function saveConfig(config) {
+  await mkdir(CONFIG_DIR, { recursive: true, mode: 448 });
+  await writeFile(CONFIG_PATH, JSON.stringify(config, null, 2) + "\n", {
+    encoding: "utf8",
+    mode: 384
+  });
+}
+var OPENCLAW_MIN_VERSION = "2026.2.26";
+async function detectOpenClaw() {
+  let raw;
+  try {
+    raw = await readFile(OPENCLAW_CONFIG_PATH, "utf8");
+  } catch (e) {
+    if (isErrnoException(e) && e.code === "ENOENT") {
+      return { status: "not-found", version: null };
+    }
+    throw e;
+  }
+  let obj;
+  try {
+    obj = JSON.parse(raw);
+  } catch {
+    return { status: "parse-error", version: null };
+  }
+  const meta = obj["meta"];
+  if (typeof meta === "object" && meta !== null) {
+    const v = meta["lastTouchedVersion"];
+    if (typeof v === "string" && v.length > 0) {
+      return { status: "detected", version: v };
+    }
+  }
+  return { status: "detected", version: null };
+}
+function isVersionAtLeast(version, minimum) {
+  const vParts = version.split(".").map(Number);
+  const mParts = minimum.split(".").map(Number);
+  const len = Math.max(vParts.length, mParts.length);
+  for (let i = 0; i < len; i++) {
+    const v = vParts[i] ?? 0;
+    const m = mParts[i] ?? 0;
+    if (Number.isNaN(v) || Number.isNaN(m)) return false;
+    if (v > m) return true;
+    if (v < m) return false;
+  }
+  return true;
+}
+async function updateOpenClawConfigIfPresent(apiKey, baseUrl, agentName) {
+  let raw;
+  try {
+    raw = await readFile(OPENCLAW_CONFIG_PATH, "utf8");
+  } catch (e) {
+    if (isErrnoException(e) && e.code === "ENOENT") {
+      return "not-found";
+    }
+    throw e;
+  }
+  let obj;
+  try {
+    obj = JSON.parse(raw);
+  } catch {
+    return "parse-error";
+  }
+  let hooks = obj["hooks"];
+  if (hooks === void 0 || typeof hooks !== "object") {
+    hooks = {};
+    obj["hooks"] = hooks;
+  }
+  let internal = hooks["internal"];
+  if (internal === void 0 || typeof internal !== "object") {
+    internal = { enabled: true, entries: {} };
+    hooks["internal"] = internal;
+  }
+  let entries = internal["entries"];
+  if (entries === void 0 || typeof entries !== "object") {
+    entries = {};
+    internal["entries"] = entries;
+  }
+  let shield = entries["multicorn-shield"];
+  if (shield === void 0 || typeof shield !== "object") {
+    shield = { enabled: true, env: {} };
+    entries["multicorn-shield"] = shield;
+  }
+  let env = shield["env"];
+  if (env === void 0 || typeof env !== "object") {
+    env = {};
+    shield["env"] = env;
+  }
+  env["MULTICORN_API_KEY"] = apiKey;
+  env["MULTICORN_BASE_URL"] = baseUrl;
+  if (agentName !== void 0) {
+    env["MULTICORN_AGENT_NAME"] = agentName;
+    const agentsList = obj["agents"];
+    const list = agentsList?.["list"];
+    if (Array.isArray(list) && list.length > 0) {
+      const first = list[0];
+      if (first["id"] !== agentName) {
+        first["id"] = agentName;
+        first["name"] = agentName;
+      }
+    } else {
+      if (agentsList !== void 0 && typeof agentsList === "object") {
+        agentsList["list"] = [{ id: agentName, name: agentName }];
+      } else {
+        obj["agents"] = { list: [{ id: agentName, name: agentName }] };
+      }
+    }
+  }
+  await writeFile(OPENCLAW_CONFIG_PATH, JSON.stringify(obj, null, 2) + "\n", {
+    encoding: "utf8"
+  });
+  return "updated";
+}
+async function validateApiKey(apiKey, baseUrl) {
+  try {
+    const response = await fetch(`${baseUrl}/api/v1/agents`, {
+      headers: { "X-Multicorn-Key": apiKey },
+      signal: AbortSignal.timeout(8e3)
+    });
+    if (response.status === 401) {
+      return { valid: false, error: "API key not recognised. Check the key and try again." };
+    }
+    if (!response.ok) {
+      return {
+        valid: false,
+        error: `Service returned ${String(response.status)}. Check your base URL and try again.`
+      };
+    }
+    return { valid: true };
+  } catch (error) {
+    const detail = error instanceof Error ? error.message : String(error);
+    return {
+      valid: false,
+      error: `Could not reach ${baseUrl}. Check your network connection. (${detail})`
+    };
+  }
+}
+async function isOpenClawConnected() {
+  try {
+    const raw = await readFile(OPENCLAW_CONFIG_PATH, "utf8");
+    const obj = JSON.parse(raw);
+    const hooks = obj["hooks"];
+    const internal = hooks?.["internal"];
+    const entries = internal?.["entries"];
+    const shield = entries?.["multicorn-shield"];
+    const env = shield?.["env"];
+    const key = env?.["MULTICORN_API_KEY"];
+    return typeof key === "string" && key.length > 0;
+  } catch {
+    return false;
+  }
+}
+function isClaudeCodeConnected() {
+  try {
+    return existsSync(join(homedir(), ".claude", "plugins", "cache", "multicorn-shield"));
+  } catch {
+    return false;
+  }
+}
+function getCursorConfigPath() {
+  return join(homedir(), ".cursor", "mcp.json");
+}
+async function isCursorConnected() {
+  try {
+    const raw = await readFile(getCursorConfigPath(), "utf8");
+    const obj = JSON.parse(raw);
+    const mcpServers = obj["mcpServers"];
+    if (mcpServers === void 0 || typeof mcpServers !== "object") return false;
+    for (const entry of Object.values(mcpServers)) {
+      if (typeof entry !== "object" || entry === null) continue;
+      const rec = entry;
+      const url = rec["url"];
+      if (typeof url === "string" && url.includes("multicorn")) return true;
+      const args = rec["args"];
+      if (Array.isArray(args) && (args.includes("multicorn-shield") || args.includes("multicorn-proxy")))
+        return true;
+    }
+    return false;
+  } catch (err) {
+    process.stderr.write(
+      `Warning: could not check Cursor connection status: ${err instanceof Error ? err.message : String(err)}
+`
+    );
+    return false;
+  }
+}
+function getWindsurfConfigPath() {
+  return join(homedir(), ".codeium", "windsurf", "mcp_config.json");
+}
+async function isWindsurfConnected() {
+  try {
+    const raw = await readFile(getWindsurfConfigPath(), "utf8");
+    const obj = JSON.parse(raw);
+    const mcpServers = obj["mcpServers"];
+    if (mcpServers === void 0 || typeof mcpServers !== "object") return false;
+    for (const entry of Object.values(mcpServers)) {
+      if (typeof entry !== "object" || entry === null) continue;
+      const rec = entry;
+      const url = rec["serverUrl"];
+      if (typeof url === "string" && url.includes("multicorn")) return true;
+    }
+    return false;
+  } catch {
+    return false;
+  }
+}
+function multicornShieldPackageRoot() {
+  return join(dirname(fileURLToPath(import.meta.url)), "..");
+}
+function getWindsurfHooksInstallDir() {
+  return join(homedir(), ".multicorn", "windsurf-hooks");
+}
+function getWindsurfCascadeHooksJsonPath() {
+  return join(homedir(), ".codeium", "windsurf", "hooks.json");
+}
+function isShieldWindsurfHookCommand(cmd) {
+  return cmd.includes("windsurf-hooks/pre-action.cjs") || cmd.includes("windsurf-hooks\\pre-action.cjs") || cmd.includes("windsurf-hooks/post-action.cjs") || cmd.includes("windsurf-hooks\\post-action.cjs");
+}
+function filterOutShieldWindsurfHooks(entries) {
+  if (!Array.isArray(entries)) return [];
+  const out = [];
+  for (const e of entries) {
+    if (typeof e !== "object" || e === null) continue;
+    const rec = e;
+    const cmd = rec["command"];
+    if (typeof cmd !== "string" || isShieldWindsurfHookCommand(cmd)) continue;
+    const powershell = rec["powershell"];
+    const show_output = rec["show_output"];
+    out.push({
+      command: cmd,
+      ...typeof powershell === "string" ? { powershell } : {},
+      ...show_output === true ? { show_output: true } : {}
+    });
+  }
+  return out;
+}
+async function installWindsurfNativeHooks() {
+  const root = multicornShieldPackageRoot();
+  const srcPre = join(root, "plugins", "windsurf", "hooks", "scripts", "pre-action.cjs");
+  const srcPost = join(root, "plugins", "windsurf", "hooks", "scripts", "post-action.cjs");
+  if (!existsSync(srcPre) || !existsSync(srcPost)) {
+    throw new Error(
+      `Could not find Shield Windsurf hook scripts at ${srcPre}. If you use npm, install the latest multicorn-shield package.`
+    );
+  }
+  const windsurfConfigDir = join(homedir(), ".codeium", "windsurf");
+  if (!isExistingDirectory(windsurfConfigDir)) {
+    process.stderr.write(
+      style.yellow("\u26A0") + "  Windsurf does not appear to be installed (~/.codeium/windsurf/ not found).\n\n"
+    );
+    process.stderr.write(
+      "Open Windsurf at least once so this folder exists, or install from:\n  " + style.cyan("https://windsurf.com/download") + "\n\n"
+    );
+    process.stderr.write("Then run this wizard again:\n");
+    process.stderr.write("  " + style.cyan("npx multicorn-shield init") + "\n");
+    throw new NativePluginPrerequisiteMissingError();
+  }
+  const installDir = getWindsurfHooksInstallDir();
+  await mkdir(installDir, { recursive: true });
+  const destPre = join(installDir, "pre-action.cjs");
+  const destPost = join(installDir, "post-action.cjs");
+  await copyFile(srcPre, destPre);
+  await copyFile(srcPost, destPost);
+  const preCmd = `node ${JSON.stringify(destPre)}`;
+  const postCmd = `node ${JSON.stringify(destPost)}`;
+  const preEntry = { command: preCmd, powershell: preCmd, show_output: true };
+  const postEntry = { command: postCmd, powershell: postCmd };
+  const hooksPath = getWindsurfCascadeHooksJsonPath();
+  let base = { hooks: {} };
+  try {
+    const raw = await readFile(hooksPath, "utf8");
+    base = JSON.parse(raw);
+  } catch (err) {
+    if (!isErrnoException(err) || err.code !== "ENOENT") {
+      throw err;
+    }
+  }
+  const hooks = base["hooks"] ?? {};
+  const preKeys = [
+    "pre_read_code",
+    "pre_write_code",
+    "pre_run_command",
+    "pre_mcp_tool_use"
+  ];
+  const postKeys = [
+    "post_read_code",
+    "post_write_code",
+    "post_run_command",
+    "post_mcp_tool_use"
+  ];
+  const nextHooks = { ...hooks };
+  for (const k of preKeys) {
+    const merged = filterOutShieldWindsurfHooks(nextHooks[k]);
+    nextHooks[k] = [...merged, preEntry];
+  }
+  for (const k of postKeys) {
+    const merged = filterOutShieldWindsurfHooks(nextHooks[k]);
+    nextHooks[k] = [...merged, postEntry];
+  }
+  base["hooks"] = nextHooks;
+  const hooksDir = dirname(hooksPath);
+  await mkdir(hooksDir, { recursive: true });
+  await writeFile(hooksPath, JSON.stringify(base, null, 2) + "\n", { encoding: "utf8" });
+}
+function getClineHooksInstallDir() {
+  return join(homedir(), ".multicorn", "cline-hooks");
+}
+function getClineGlobalHooksDir() {
+  return join(homedir(), "Documents", "Cline", "Hooks");
+}
+async function installClineNativeHooks() {
+  const root = multicornShieldPackageRoot();
+  const srcPre = join(root, "plugins", "cline", "hooks", "scripts", "pre-tool-use.cjs");
+  const srcPost = join(root, "plugins", "cline", "hooks", "scripts", "post-tool-use.cjs");
+  const srcShared = join(root, "plugins", "cline", "hooks", "scripts", "shared.cjs");
+  if (!existsSync(srcPre) || !existsSync(srcPost) || !existsSync(srcShared)) {
+    throw new Error(
+      `Could not find Shield Cline hook scripts at ${srcPre}. If you use npm, install the latest multicorn-shield package.`
+    );
+  }
+  const clineDocsDir = join(homedir(), "Documents", "Cline");
+  if (!isExistingDirectory(clineDocsDir)) {
+    process.stderr.write(
+      style.yellow("\u26A0") + "  Cline does not appear to be installed (~/Documents/Cline/ not found).\n\n"
+    );
+    process.stderr.write("Install the Cline VS Code extension first. See:\n");
+    process.stderr.write(
+      "  " + style.cyan("https://docs.cline.bot/getting-started/installing-cline") + "\n\n"
+    );
+    process.stderr.write("Then run this wizard again:\n");
+    process.stderr.write("  " + style.cyan("npx multicorn-shield init") + "\n");
+    throw new NativePluginPrerequisiteMissingError();
+  }
+  const installDir = getClineHooksInstallDir();
+  await mkdir(installDir, { recursive: true });
+  const destPre = join(installDir, "pre-tool-use.cjs");
+  const destPost = join(installDir, "post-tool-use.cjs");
+  const destShared = join(installDir, "shared.cjs");
+  await copyFile(srcPre, destPre);
+  await copyFile(srcPost, destPost);
+  await copyFile(srcShared, destShared);
+  const hookScriptMode = 493;
+  await chmod(destPre, hookScriptMode);
+  await chmod(destPost, hookScriptMode);
+  await chmod(destShared, hookScriptMode);
+  const hooksDir = getClineGlobalHooksDir();
+  await mkdir(hooksDir, { recursive: true });
+  const preWrapper = join(hooksDir, "PreToolUse");
+  const postWrapper = join(hooksDir, "PostToolUse");
+  const preContent = `#!/usr/bin/env node
+require(${JSON.stringify(destPre)});
+`;
+  const postContent = `#!/usr/bin/env node
+require(${JSON.stringify(destPost)});
+`;
+  await writeFile(preWrapper, preContent, { encoding: "utf8", mode: 493 });
+  await writeFile(postWrapper, postContent, { encoding: "utf8", mode: 493 });
+}
+async function promptClineIntegrationMode(ask) {
+  process.stderr.write("\n" + style.bold("Cline integration") + "\n");
+  process.stderr.write(
+    "  " + style.violet("1") + ". Native plugin (recommended) - Cline Hooks see every file, terminal, browser, and MCP action\n"
+  );
+  process.stderr.write(
+    "  " + style.violet("2") + ". Hosted proxy - govern MCP traffic only (paste proxy URL into Cline MCP settings)\n"
+  );
+  let choice = 0;
+  while (choice === 0) {
+    const input = await ask("Choose integration (1-2): ");
+    const num = parseInt(input.trim(), 10);
+    if (num === 1) choice = 1;
+    if (num === 2) choice = 2;
+  }
+  return choice === 1 ? "native" : "hosted";
+}
+function getGeminiCliHooksInstallDir() {
+  return join(homedir(), ".multicorn", "gemini-cli-hooks");
+}
+function getGeminiCliSettingsPath() {
+  return join(homedir(), ".gemini", "settings.json");
+}
+function geminiInnerHooksReferenceShield(inner, multicornName) {
+  if (!Array.isArray(inner)) return false;
+  for (const h of inner) {
+    if (typeof h !== "object" || h === null) continue;
+    const rec = h;
+    if (rec["name"] === multicornName) return true;
+    const cmd = rec["command"];
+    if (typeof cmd === "string" && cmd.includes("gemini-cli-hooks")) return true;
+  }
+  return false;
+}
+function geminiHookEventsReferenceShield(arr) {
+  if (!Array.isArray(arr)) return false;
+  for (const entry of arr) {
+    if (typeof entry !== "object" || entry === null) continue;
+    const hooks = entry["hooks"];
+    if (geminiInnerHooksReferenceShield(hooks, "multicorn-shield") || geminiInnerHooksReferenceShield(hooks, "multicorn-shield-log")) {
+      return true;
+    }
+  }
+  return false;
+}
+function geminiSettingsHasMulticornHooks(hooks) {
+  if (hooks === null || typeof hooks !== "object" || Array.isArray(hooks)) return false;
+  const h = hooks;
+  return geminiHookEventsReferenceShield(h["BeforeTool"]) || geminiHookEventsReferenceShield(h["AfterTool"]);
+}
+function geminiFilterInnerHooks(inner) {
+  if (!Array.isArray(inner)) return [];
+  return inner.filter((h) => {
+    if (typeof h !== "object" || h === null) return true;
+    const rec = h;
+    if (rec["name"] === "multicorn-shield" || rec["name"] === "multicorn-shield-log") return false;
+    const cmd = rec["command"];
+    if (typeof cmd === "string" && cmd.includes("gemini-cli-hooks")) return false;
+    return true;
+  });
+}
+function geminiStripMatcherGroups(arr) {
+  if (!Array.isArray(arr)) return [];
+  const out = [];
+  for (const entry of arr) {
+    if (typeof entry !== "object" || entry === null) continue;
+    const e = entry;
+    const filtered = geminiFilterInnerHooks(e["hooks"]);
+    if (filtered.length > 0) {
+      out.push({ ...e, hooks: filtered });
+    }
+  }
+  return out;
+}
+function geminiStripMulticornHookEntries(hooks) {
+  const out = { ...hooks };
+  out["BeforeTool"] = geminiStripMatcherGroups(out["BeforeTool"]);
+  out["AfterTool"] = geminiStripMatcherGroups(out["AfterTool"]);
+  return out;
+}
+async function installGeminiCliNativeHooks(ask) {
+  const root = multicornShieldPackageRoot();
+  const srcBefore = join(root, "plugins", "gemini-cli", "hooks", "scripts", "before-tool.cjs");
+  const srcAfter = join(root, "plugins", "gemini-cli", "hooks", "scripts", "after-tool.cjs");
+  const srcShared = join(root, "plugins", "gemini-cli", "hooks", "scripts", "shared.cjs");
+  if (!existsSync(srcBefore) || !existsSync(srcAfter) || !existsSync(srcShared)) {
+    throw new Error(
+      `Could not find Shield Gemini CLI hook scripts at ${srcBefore}. If you use npm, install the latest multicorn-shield package.`
+    );
+  }
+  const geminiConfigDir = join(homedir(), ".gemini");
+  if (!isExistingDirectory(geminiConfigDir)) {
+    process.stderr.write(
+      style.yellow("\u26A0") + "  Gemini CLI does not appear to be installed (~/.gemini/ not found).\n\n"
+    );
+    process.stderr.write("Install Gemini CLI first:\n");
+    process.stderr.write("  " + style.cyan("npm install -g @google/gemini-cli") + "\n\n");
+    process.stderr.write("Then run this wizard again:\n");
+    process.stderr.write("  " + style.cyan("npx multicorn-shield init") + "\n");
+    throw new NativePluginPrerequisiteMissingError();
+  }
+  const installDir = getGeminiCliHooksInstallDir();
+  await mkdir(installDir, { recursive: true });
+  const destBefore = join(installDir, "before-tool.cjs");
+  const destAfter = join(installDir, "after-tool.cjs");
+  const destShared = join(installDir, "shared.cjs");
+  await copyFile(srcBefore, destBefore);
+  await copyFile(srcAfter, destAfter);
+  await copyFile(srcShared, destShared);
+  const mode = 493;
+  await chmod(destBefore, mode);
+  await chmod(destAfter, mode);
+  await chmod(destShared, mode);
+  const settingsPath = getGeminiCliSettingsPath();
+  let existing = {};
+  try {
+    const rawText = await readFile(settingsPath, "utf8");
+    const parsed = JSON.parse(rawText);
+    if (parsed !== null && typeof parsed === "object" && !Array.isArray(parsed)) {
+      existing = parsed;
+    }
+  } catch (err) {
+    if (isErrnoException(err) && err.code === "ENOENT") {
+      existing = {};
+    } else {
+      process.stderr.write(
+        style.yellow("\u26A0") + ` Could not parse ${settingsPath}. Create valid JSON or remove the file, then run init again.
+`
+      );
+      throw new Error(`Invalid Gemini CLI settings at ${settingsPath}`);
+    }
+  }
+  const hooksRaw = existing["hooks"];
+  const hooksObj = typeof hooksRaw === "object" && hooksRaw !== null && !Array.isArray(hooksRaw) ? hooksRaw : {};
+  if (geminiSettingsHasMulticornHooks(hooksObj)) {
+    const answer = await ask(
+      "Existing Multicorn Shield hooks were found in ~/.gemini/settings.json. Overwrite? (Y/n) "
+    );
+    if (answer.trim().toLowerCase() === "n") {
+      throw new Error("Installation cancelled: existing Shield hooks left unchanged.");
+    }
+  }
+  const cleaned = geminiStripMulticornHookEntries({ ...hooksObj });
+  const beforeArr = Array.isArray(cleaned["BeforeTool"]) ? [...cleaned["BeforeTool"]] : [];
+  const afterArr = Array.isArray(cleaned["AfterTool"]) ? [...cleaned["AfterTool"]] : [];
+  const beforeCmd = `node ${destBefore}`;
+  const afterCmd = `node ${destAfter}`;
+  beforeArr.push({
+    matcher: ".*",
+    hooks: [
+      {
+        type: "command",
+        name: "multicorn-shield",
+        command: beforeCmd,
+        timeout: 6e4
+      }
+    ]
+  });
+  afterArr.push({
+    matcher: ".*",
+    hooks: [
+      {
+        type: "command",
+        name: "multicorn-shield-log",
+        command: afterCmd,
+        timeout: 1e4
+      }
+    ]
+  });
+  existing["hooks"] = {
+    ...cleaned,
+    BeforeTool: beforeArr,
+    AfterTool: afterArr
+  };
+  await mkdir(dirname(settingsPath), { recursive: true });
+  await writeFile(settingsPath, JSON.stringify(existing, null, 2) + "\n", "utf8");
+}
+async function promptGeminiCliIntegrationMode(ask) {
+  process.stderr.write("\n" + style.bold("Gemini CLI integration") + "\n");
+  process.stderr.write(
+    "  " + style.violet("1") + ". Native plugin (recommended) - Gemini CLI Hooks see every file, terminal, web, and MCP action\n"
+  );
+  process.stderr.write(
+    "  " + style.violet("2") + ". Hosted proxy - govern MCP traffic only (paste proxy URL into Gemini CLI settings)\n"
+  );
+  let choice = 0;
+  while (choice === 0) {
+    const input = await ask("Choose integration (1-2): ");
+    const num = parseInt(input.trim(), 10);
+    if (num === 1) choice = 1;
+    if (num === 2) choice = 2;
+  }
+  return choice === 1 ? "native" : "hosted";
+}
 function getClaudeDesktopConfigPath() {
   switch (process.platform) {
     case "win32":
@@ -17,17 +759,2043 @@ function getClaudeDesktopConfigPath() {
         "Claude",
         "claude_desktop_config.json"
       );
-    case "linux":
-      return join(homedir(), ".config", "Claude", "claude_desktop_config.json");
-    default:
-      return join(
-        homedir(),
-        "Library",
-        "Application Support",
-        "Claude",
-        "claude_desktop_config.json"
+    case "linux":
+      return join(homedir(), ".config", "Claude", "claude_desktop_config.json");
+    default:
+      return join(
+        homedir(),
+        "Library",
+        "Application Support",
+        "Claude",
+        "claude_desktop_config.json"
+      );
+  }
+}
+var PLATFORM_LABELS = [
+  "OpenClaw",
+  "Claude Code",
+  "Cursor",
+  "Windsurf",
+  "Cline",
+  "Claude Desktop",
+  "Gemini CLI",
+  "Local MCP / Other"
+];
+var PLATFORM_BY_SELECTION = {
+  1: "openclaw",
+  2: "claude-code",
+  3: "cursor",
+  4: "windsurf",
+  5: "cline",
+  6: "claude-desktop",
+  7: "gemini-cli",
+  8: "other-mcp"
+};
+var DEFAULT_AGENT_NAMES = {
+  openclaw: "my-openclaw-agent",
+  "claude-code": "my-claude-code-agent",
+  cursor: "my-cursor-agent",
+  windsurf: "my-windsurf-agent",
+  cline: "my-cline-agent",
+  "claude-desktop": "my-claude-desktop-agent",
+  "gemini-cli": "my-gemini-cli-agent"
+};
+async function promptPlatformSelection(ask) {
+  process.stderr.write(
+    "\n" + style.bold(style.violet("Which platform are you connecting?")) + "\n"
+  );
+  const connectedFlags = [
+    await isOpenClawConnected(),
+    isClaudeCodeConnected(),
+    await isCursorConnected(),
+    await isWindsurfConnected()
+  ];
+  for (let i = 0; i < PLATFORM_LABELS.length; i++) {
+    const marker = i < connectedFlags.length && connectedFlags[i] ? " " + style.dim("\u25CF detected locally") : "";
+    process.stderr.write(
+      `  ${style.violet(String(i + 1))}. ${PLATFORM_LABELS[i] ?? ""}${marker}
+`
+    );
+  }
+  process.stderr.write(
+    style.dim("     Pick 8 if you want to wrap a local MCP server with multicorn-shield --wrap.") + "\n"
+  );
+  let selection = 0;
+  while (selection === 0) {
+    const input = await ask("Select (1-8): ");
+    const num = parseInt(input.trim(), 10);
+    if (num >= 1 && num <= 8) {
+      selection = num;
+    }
+  }
+  return selection;
+}
+async function promptWindsurfIntegrationMode(ask) {
+  process.stderr.write("\n" + style.bold("Windsurf integration") + "\n");
+  process.stderr.write(
+    "  " + style.violet("1") + ". Native plugin (recommended) - Cascade Hooks see every file, terminal, and MCP action\n"
+  );
+  process.stderr.write(
+    "  " + style.violet("2") + ". Hosted proxy - govern MCP traffic only (paste proxy URL into mcp_config)\n"
+  );
+  let choice = 0;
+  while (choice === 0) {
+    const input = await ask("Choose integration (1-2): ");
+    const num = parseInt(input.trim(), 10);
+    if (num === 1) choice = 1;
+    if (num === 2) choice = 2;
+  }
+  return choice === 1 ? "native" : "hosted";
+}
+async function promptAgentName(ask, platform) {
+  const defaultAgentName = DEFAULT_AGENT_NAMES[platform] ?? "my-agent";
+  let agentName = "";
+  while (agentName.length === 0) {
+    const input = await ask(
+      `
+What would you like to call this agent? ${style.dim(`(${defaultAgentName})`)} `
+    );
+    const raw = input.trim().length > 0 ? input.trim() : defaultAgentName;
+    const transformed = normalizeAgentName(raw);
+    if (transformed.length === 0) {
+      process.stderr.write(
+        style.red("Agent name must contain letters or numbers. Please try again.") + "\n"
+      );
+      continue;
+    }
+    if (transformed !== raw) {
+      process.stderr.write(style.yellow("Agent name set to: ") + style.cyan(transformed) + "\n");
+    }
+    agentName = transformed;
+  }
+  return agentName;
+}
+async function promptProxyConfig(ask, agentName) {
+  let targetUrl = "";
+  while (targetUrl.length === 0) {
+    process.stderr.write(
+      "\n" + style.bold("Target MCP server URL:") + "\n" + style.dim(
+        "The URL of the MCP server you want Shield to protect. Example: https://your-server.example.com/mcp"
+      ) + "\n"
+    );
+    const input = await ask("URL: ");
+    if (input.trim().length === 0) {
+      process.stderr.write(style.red("MCP server URL is required.") + "\n");
+      continue;
+    }
+    try {
+      new URL(input.trim());
+    } catch {
+      process.stderr.write(
+        style.red(
+          "\u2717 That does not look like a valid URL. Please enter a full URL including the scheme (e.g. https://your-server.example.com/mcp)."
+        ) + "\n"
+      );
+      continue;
+    }
+    targetUrl = input.trim();
+  }
+  const defaultShortName = normalizeAgentName(agentName) || "shield-mcp";
+  const shortNameInput = await ask(
+    `
+Short name (a nickname for this connection, used in your proxy URL): ${style.dim(`(${defaultShortName})`)} `
+  );
+  const shortName = shortNameInput.trim().length > 0 ? normalizeAgentName(shortNameInput.trim()) || defaultShortName : defaultShortName;
+  return { targetUrl, shortName };
+}
+async function createProxyConfig(baseUrl, apiKey, agentName, targetUrl, serverName, platform) {
+  let response;
+  try {
+    response = await fetch(`${baseUrl}/api/v1/proxy/config`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "X-Multicorn-Key": apiKey
+      },
+      body: JSON.stringify({
+        server_name: serverName,
+        target_url: targetUrl,
+        platform,
+        agent_name: agentName
+      }),
+      signal: AbortSignal.timeout(1e4)
+    });
+  } catch (error) {
+    const detail = error instanceof Error ? error.message : String(error);
+    throw new Error(`Failed to create proxy config: ${detail}`);
+  }
+  if (!response.ok) {
+    let errorMsg = `Shield API returned an error (HTTP ${String(response.status)}). Check your agent name and target URL, then try again.`;
+    try {
+      const errBody = await response.json();
+      const errObj = errBody["error"];
+      if (typeof errObj?.["message"] === "string") {
+        errorMsg = stripAnsi(errObj["message"]);
+      } else if (typeof errBody["message"] === "string") {
+        errorMsg = stripAnsi(errBody["message"]);
+      } else if (typeof errBody["detail"] === "string") {
+        errorMsg = stripAnsi(errBody["detail"]);
+      }
+    } catch {
+    }
+    throw new Error(errorMsg);
+  }
+  const envelope = await response.json();
+  const data = envelope["data"];
+  return typeof data?.["proxy_url"] === "string" ? data["proxy_url"] : "";
+}
+function printPlatformSnippet(platform, routingToken, shortName, apiKey) {
+  const usesInlineKey = platform === "cursor" || platform === "claude-desktop" || platform === "windsurf" || platform === "cline" || platform === "gemini-cli";
+  const authHeader = usesInlineKey ? `Bearer ${apiKey}` : "Bearer YOUR_SHIELD_API_KEY";
+  const urlKey = platform === "windsurf" ? "serverUrl" : platform === "gemini-cli" ? "httpUrl" : "url";
+  const mcpSnippet = JSON.stringify(
+    {
+      mcpServers: {
+        [shortName]: {
+          [urlKey]: routingToken,
+          headers: {
+            Authorization: authHeader
+          }
+        }
+      }
+    },
+    null,
+    2
+  );
+  if (platform === "openclaw") {
+    process.stderr.write("\n" + style.dim("Add this to your OpenClaw agent config:") + "\n\n");
+  } else if (platform === "claude-code") {
+    process.stderr.write("\n" + style.dim("Add this to your Claude Code MCP config:") + "\n\n");
+  } else if (platform === "claude-desktop") {
+    process.stderr.write("\n" + style.dim(`Add this to ${getClaudeDesktopConfigPath()}:`) + "\n\n");
+  } else if (platform === "windsurf") {
+    process.stderr.write(
+      "\n" + style.dim("Add this to ~/.codeium/windsurf/mcp_config.json:") + "\n\n"
+    );
+  } else if (platform === "cline") {
+    process.stderr.write("\n" + style.dim("Add this to your Cline MCP settings file:") + "\n");
+    process.stderr.write(
+      style.dim(
+        "  macOS: ~/Library/Application Support/Code/User/globalStorage/saoudrizwan.claude-dev/settings/cline_mcp_settings.json"
+      ) + "\n"
+    );
+    process.stderr.write(
+      style.dim(
+        "  Windows: %APPDATA%\\Code\\User\\globalStorage\\saoudrizwan.claude-dev\\settings\\cline_mcp_settings.json"
+      ) + "\n"
+    );
+    process.stderr.write(
+      style.dim(
+        "  Linux: ~/.config/Code/User/globalStorage/saoudrizwan.claude-dev/settings/cline_mcp_settings.json"
+      ) + "\n\n"
+    );
+  } else if (platform === "gemini-cli") {
+    process.stderr.write(
+      "\n" + style.dim(
+        "Add this to ~/.gemini/settings.json (create the file if it does not exist). For project-specific config, use .gemini/settings.json in your project root. Restart Gemini CLI after saving. Run /mcp to verify the server is connected."
+      ) + "\n\n"
+    );
+  } else {
+    process.stderr.write("\n" + style.dim("Add this to ~/.cursor/mcp.json:") + "\n\n");
+  }
+  process.stderr.write(style.cyan(mcpSnippet) + "\n\n");
+  if (!usesInlineKey) {
+    process.stderr.write(
+      style.dim(
+        "Replace YOUR_SHIELD_API_KEY with your API key. Find it in Settings > API keys at https://app.multicorn.ai/settings#api-keys"
+      ) + "\n"
+    );
+  }
+  if (platform === "cursor") {
+    process.stderr.write(
+      style.dim(
+        "Then restart Cursor and check Settings > Tools & MCPs for a green status indicator."
+      ) + "\n"
+    );
+    process.stderr.write(
+      style.dim(
+        `Ask Cursor to use your MCP server by its short name. For example: "use the ${shortName} tool to list files in /tmp"`
+      ) + "\n"
+    );
+  }
+  if (platform === "claude-desktop") {
+    process.stderr.write(style.dim("Then restart Claude Desktop to load the MCP server.") + "\n");
+  }
+  if (platform === "cline") {
+    process.stderr.write(
+      style.dim(
+        "After pasting, restart Cline or reload the VS Code window. Cline will discover the Shield tools automatically."
+      ) + "\n"
+    );
+  }
+  if (platform === "windsurf") {
+    process.stderr.write(style.dim("Then restart Windsurf (Cmd/Ctrl+Q, then reopen).") + "\n");
+    process.stderr.write(
+      style.dim(
+        "Open the Cascade panel and verify the server appears with a green status indicator."
+      ) + "\n"
+    );
+  }
+}
+var DEFAULT_SHIELD_API_BASE_URL = "https://api.multicorn.ai";
+async function runInit(explicitBaseUrl) {
+  if (!process.stdin.isTTY) {
+    process.stderr.write(
+      style.red("Error: interactive terminal required. Cannot run init with piped input.") + "\n"
+    );
+    process.exit(1);
+  }
+  const rl = createInterface({ input: process.stdin, output: process.stderr });
+  const ask = (question) => new Promise((resolve) => {
+    rl.question(question, resolve);
+  });
+  process.stderr.write("\n" + BANNER + "\n");
+  process.stderr.write(style.dim("Agent governance for the AI era") + "\n\n");
+  process.stderr.write(style.bold(style.violet("Multicorn Shield proxy setup")) + "\n\n");
+  process.stderr.write(
+    style.dim("Get your API key at https://app.multicorn.ai/settings#api-keys") + "\n\n"
+  );
+  const existing = await loadConfig().catch(() => null);
+  let resolvedBaseUrl;
+  if (explicitBaseUrl !== void 0 && explicitBaseUrl.trim().length > 0) {
+    resolvedBaseUrl = explicitBaseUrl.trim();
+  } else if (existing !== null && existing.baseUrl.length > 0) {
+    resolvedBaseUrl = existing.baseUrl;
+  } else {
+    const fromFile = await readBaseUrlFromConfig();
+    if (fromFile !== void 0 && fromFile.length > 0) {
+      resolvedBaseUrl = fromFile;
+    } else {
+      const envBaseUrl = process.env["MULTICORN_BASE_URL"];
+      resolvedBaseUrl = envBaseUrl !== void 0 && envBaseUrl.trim().length > 0 ? envBaseUrl.trim() : DEFAULT_SHIELD_API_BASE_URL;
+    }
+  }
+  if (!isAllowedShieldApiBaseUrl(resolvedBaseUrl)) {
+    process.stderr.write(
+      style.red(
+        "Base URL must use HTTPS (or http://localhost for local development). Received a non-HTTPS URL from config. Use --base-url to override."
+      ) + "\n"
+    );
+    rl.close();
+    return null;
+  }
+  let apiKey = "";
+  if (existing !== null && existing.apiKey.startsWith("mcs_") && existing.apiKey.length >= 8) {
+    const masked = "mcs_..." + existing.apiKey.slice(-4);
+    process.stderr.write("Found existing API key: " + style.cyan(masked) + "\n");
+    const answer = await ask("Use this key? (Y/n) ");
+    if (answer.trim().toLowerCase() !== "n") {
+      apiKey = existing.apiKey;
+    }
+  }
+  while (apiKey.length === 0) {
+    const input = await ask("API key (starts with mcs_): ");
+    const key = input.trim();
+    if (key.length === 0) {
+      process.stderr.write(style.red("API key is required.") + "\n");
+      continue;
+    }
+    const spinner = withSpinner("Validating key...");
+    let result;
+    try {
+      result = await validateApiKey(key, resolvedBaseUrl);
+    } catch (error) {
+      spinner.stop(false, "Validation failed");
+      throw error;
+    }
+    if (!result.valid) {
+      spinner.stop(false, result.error ?? "Validation failed. Try again.");
+      continue;
+    }
+    spinner.stop(true, "Key validated");
+    apiKey = key;
+  }
+  const configuredAgents = [];
+  let currentAgents = collectAgentsFromConfig(existing);
+  let lastConfig = {
+    apiKey,
+    baseUrl: resolvedBaseUrl,
+    ...currentAgents.length > 0 ? {
+      agents: currentAgents,
+      defaultAgent: existing !== null && typeof existing.defaultAgent === "string" && existing.defaultAgent.length > 0 ? existing.defaultAgent : currentAgents[currentAgents.length - 1]?.name ?? ""
+    } : {}
+  };
+  let configuring = true;
+  while (configuring) {
+    let postSaveNativeSkipNote = null;
+    const selection = await promptPlatformSelection(ask);
+    const selectedPlatform = PLATFORM_BY_SELECTION[selection] ?? "cursor";
+    const selectedLabel = PLATFORM_LABELS[selection - 1] ?? "Cursor";
+    if (selection === 8) {
+      const raw = existing !== null ? { ...existing } : {};
+      raw["apiKey"] = apiKey;
+      raw["baseUrl"] = resolvedBaseUrl;
+      delete raw["agentName"];
+      delete raw["platform"];
+      lastConfig = raw;
+      try {
+        await saveConfig(lastConfig);
+        process.stderr.write(
+          style.green("\u2713") + ` Config saved to ${style.cyan(CONFIG_PATH)}
+`
+        );
+        process.stderr.write(
+          "\n" + style.bold("Try it:") + " " + style.cyan(
+            "npx multicorn-shield --wrap npx @modelcontextprotocol/server-filesystem /tmp"
+          ) + "\n"
+        );
+      } catch (error) {
+        const detail = error instanceof Error ? error.message : String(error);
+        process.stderr.write(style.red(`Failed to save config: ${detail}`) + "\n");
+      }
+      configuredAgents.push({
+        selection,
+        platform: selectedPlatform,
+        platformLabel: selectedLabel,
+        agentName: ""
+      });
+      const another2 = await ask("\nConnect another agent? (Y/n) ");
+      if (another2.trim().toLowerCase() === "n") {
+        configuring = false;
+      }
+      continue;
+    }
+    const existingForPlatform = currentAgents.find((a) => a.platform === selectedPlatform);
+    if (existingForPlatform !== void 0) {
+      process.stderr.write(
+        `
+An agent for ${selectedLabel} already exists: ${style.cyan(existingForPlatform.name)}
+`
+      );
+      const replace = await ask("Replace it? (Y/n) ");
+      if (replace.trim().toLowerCase() === "n") {
+        const another2 = await ask("\nConnect another agent? (Y/n) ");
+        if (another2.trim().toLowerCase() === "n") {
+          configuring = false;
+        }
+        continue;
+      }
+    }
+    const agentName = await promptAgentName(ask, selectedPlatform);
+    let setupSucceeded = false;
+    if (selection === 1) {
+      let detection;
+      try {
+        detection = await detectOpenClaw();
+      } catch (error) {
+        const detail = error instanceof Error ? error.message : String(error);
+        process.stderr.write(style.red("\u2717") + ` Failed to read OpenClaw config: ${detail}
+`);
+        rl.close();
+        return null;
+      }
+      if (detection.status === "not-found") {
+        process.stderr.write(
+          style.red("\u2717") + " OpenClaw is not installed. Install OpenClaw first, then run npx multicorn-shield init again.\n"
+        );
+        rl.close();
+        return null;
+      }
+      if (detection.status === "parse-error") {
+        process.stderr.write(
+          style.red("\u2717") + " Could not update OpenClaw config. Set MULTICORN_API_KEY in ~/.openclaw/openclaw.json manually.\n"
+        );
+      }
+      if (detection.status === "detected") {
+        if (detection.version !== null) {
+          process.stderr.write(
+            style.green("\u2713") + ` OpenClaw detected ${style.dim(`(${detection.version})`)}
+`
+          );
+          if (isVersionAtLeast(detection.version, OPENCLAW_MIN_VERSION)) {
+            process.stderr.write(
+              style.green("\u2713") + " " + style.green("Version compatible") + "\n"
+            );
+          } else {
+            process.stderr.write(
+              style.yellow("\u26A0") + ` Shield has been tested with OpenClaw ${style.cyan(OPENCLAW_MIN_VERSION)} and above. Your version (${detection.version}) may work but is untested. We recommend upgrading to at least ${style.cyan(OPENCLAW_MIN_VERSION)}.
+`
+            );
+            const answer = await ask("Continue anyway? (y/N) ");
+            if (answer.trim().toLowerCase() !== "y") {
+              rl.close();
+              return null;
+            }
+          }
+        } else {
+          process.stderr.write(
+            style.yellow("\u26A0") + " Could not detect OpenClaw version. Continuing anyway.\n"
+          );
+        }
+        const spinner = withSpinner("Updating OpenClaw config...");
+        try {
+          const result = await updateOpenClawConfigIfPresent(apiKey, resolvedBaseUrl, agentName);
+          if (result === "not-found") {
+            spinner.stop(false, "OpenClaw config disappeared unexpectedly.");
+            rl.close();
+            return null;
+          }
+          if (result === "parse-error") {
+            spinner.stop(
+              false,
+              "Could not update OpenClaw config. Set MULTICORN_API_KEY in ~/.openclaw/openclaw.json manually."
+            );
+          } else {
+            spinner.stop(
+              true,
+              "OpenClaw config updated at " + style.cyan("~/.openclaw/openclaw.json")
+            );
+          }
+        } catch (error) {
+          const detail = error instanceof Error ? error.message : String(error);
+          spinner.stop(false, `Failed to update OpenClaw config: ${detail}`);
+        }
+      }
+      configuredAgents.push({
+        selection,
+        platform: selectedPlatform,
+        platformLabel: selectedLabel,
+        agentName
+      });
+      setupSucceeded = true;
+    } else if (selection === 2) {
+      process.stderr.write("\nTo connect Claude Code to Shield:\n\n");
+      process.stderr.write(
+        "  " + style.bold("Step 1") + " - Add the Multicorn marketplace:\n    " + style.cyan("claude plugin marketplace add Multicorn-AI/multicorn-shield") + "\n\n"
+      );
+      process.stderr.write(
+        "  " + style.bold("Step 2") + " - Install the plugin:\n    " + style.cyan("claude plugin install multicorn-shield@multicorn-shield") + "\n\n"
+      );
+      process.stderr.write(
+        style.dim("Requires Claude Code to be installed. Get it at https://code.claude.com") + "\n"
+      );
+      configuredAgents.push({
+        selection,
+        platform: selectedPlatform,
+        platformLabel: selectedLabel,
+        agentName
+      });
+      setupSucceeded = true;
+    } else if (selection === 4) {
+      const windsurfMode = await promptWindsurfIntegrationMode(ask);
+      if (windsurfMode === "native") {
+        try {
+          await installWindsurfNativeHooks();
+          process.stderr.write("\n" + style.bold("Shield Windsurf hooks installed") + "\n");
+          process.stderr.write(
+            style.dim("Scripts: ") + style.cyan(getWindsurfHooksInstallDir()) + "\n"
+          );
+          process.stderr.write(
+            style.dim("Hooks config: ") + style.cyan(getWindsurfCascadeHooksJsonPath()) + "\n"
+          );
+          process.stderr.write(
+            "\n" + style.dim(
+              "The Shield hook runs with your user permissions. It intercepts Cascade actions to check permissions and log activity. Review the scripts under "
+            ) + style.cyan("~/.multicorn/windsurf-hooks") + style.dim(" if that is a concern.") + "\n\n"
+          );
+          process.stderr.write(
+            style.dim("Restart Windsurf (quit fully, then reopen) so hooks load.") + "\n"
+          );
+          configuredAgents.push({
+            selection,
+            platform: selectedPlatform,
+            platformLabel: selectedLabel,
+            agentName,
+            windsurfIntegration: "native"
+          });
+          setupSucceeded = true;
+        } catch (error) {
+          if (error instanceof NativePluginPrerequisiteMissingError) {
+            postSaveNativeSkipNote = nativePluginSkippedSaveNote(
+              "npx multicorn-shield init",
+              "Windsurf"
+            );
+            configuredAgents.push({
+              selection,
+              platform: selectedPlatform,
+              platformLabel: selectedLabel,
+              agentName
+            });
+            setupSucceeded = true;
+          } else {
+            const detail = error instanceof Error ? error.message : String(error);
+            process.stderr.write(style.red("\u2717 ") + detail + "\n");
+          }
+        }
+      } else {
+        const { targetUrl, shortName } = await promptProxyConfig(ask, agentName);
+        let proxyUrl = "";
+        let created = false;
+        while (!created) {
+          const spinner = withSpinner("Creating proxy config...");
+          try {
+            proxyUrl = await createProxyConfig(
+              resolvedBaseUrl,
+              apiKey,
+              agentName,
+              targetUrl,
+              shortName,
+              selectedPlatform
+            );
+            spinner.stop(true, "Proxy config created!");
+            created = true;
+          } catch (error) {
+            const detail = error instanceof Error ? error.message : String(error);
+            spinner.stop(false, detail);
+            const retry = await ask("Try again? (Y/n) ");
+            if (retry.trim().toLowerCase() === "n") {
+              break;
+            }
+          }
+        }
+        if (created && proxyUrl.length > 0) {
+          process.stderr.write("\n" + style.bold("Your Shield proxy URL:") + "\n");
+          process.stderr.write("  " + style.cyan(proxyUrl) + "\n");
+          printPlatformSnippet(selectedPlatform, proxyUrl, shortName, apiKey);
+          configuredAgents.push({
+            selection,
+            platform: selectedPlatform,
+            platformLabel: selectedLabel,
+            agentName,
+            shortName,
+            proxyUrl,
+            windsurfIntegration: "hosted"
+          });
+          setupSucceeded = true;
+        }
+      }
+    } else if (selection === 7) {
+      const geminiMode = await promptGeminiCliIntegrationMode(ask);
+      if (geminiMode === "native") {
+        try {
+          await installGeminiCliNativeHooks(ask);
+          process.stderr.write("\n" + style.bold("Shield Gemini CLI hooks installed") + "\n\n");
+          process.stderr.write(
+            style.dim("Hook scripts: ") + style.cyan(getGeminiCliHooksInstallDir()) + "\n"
+          );
+          process.stderr.write(
+            style.dim("Settings updated at ") + style.cyan("~/.gemini/settings.json") + "\n"
+          );
+          process.stderr.write(
+            style.dim(
+              "The Shield hook runs with your user permissions. It intercepts Gemini CLI tool calls to check permissions and log activity. Review the scripts if that is a concern."
+            ) + "\n"
+          );
+          configuredAgents.push({
+            selection,
+            platform: selectedPlatform,
+            platformLabel: selectedLabel,
+            agentName,
+            geminiCliIntegration: "native"
+          });
+          setupSucceeded = true;
+        } catch (error) {
+          if (error instanceof NativePluginPrerequisiteMissingError) {
+            postSaveNativeSkipNote = nativePluginSkippedSaveNote(
+              "npx multicorn-shield init",
+              "Gemini CLI"
+            );
+            configuredAgents.push({
+              selection,
+              platform: selectedPlatform,
+              platformLabel: selectedLabel,
+              agentName
+            });
+            setupSucceeded = true;
+          } else {
+            const detail = error instanceof Error ? error.message : String(error);
+            process.stderr.write(style.red("\u2717 ") + detail + "\n");
+          }
+        }
+      } else {
+        const { targetUrl, shortName } = await promptProxyConfig(ask, agentName);
+        let proxyUrl = "";
+        let created = false;
+        while (!created) {
+          const spinner = withSpinner("Creating proxy config...");
+          try {
+            proxyUrl = await createProxyConfig(
+              resolvedBaseUrl,
+              apiKey,
+              agentName,
+              targetUrl,
+              shortName,
+              selectedPlatform
+            );
+            spinner.stop(true, "Proxy config created!");
+            created = true;
+          } catch (error) {
+            const detail = error instanceof Error ? error.message : String(error);
+            spinner.stop(false, detail);
+            const retry = await ask("Try again? (Y/n) ");
+            if (retry.trim().toLowerCase() === "n") {
+              break;
+            }
+          }
+        }
+        if (created && proxyUrl.length > 0) {
+          process.stderr.write("\n" + style.bold("Your Shield proxy URL:") + "\n");
+          process.stderr.write("  " + style.cyan(proxyUrl) + "\n");
+          printPlatformSnippet(selectedPlatform, proxyUrl, shortName, apiKey);
+          configuredAgents.push({
+            selection,
+            platform: selectedPlatform,
+            platformLabel: selectedLabel,
+            agentName,
+            shortName,
+            proxyUrl,
+            geminiCliIntegration: "hosted"
+          });
+          setupSucceeded = true;
+        }
+      }
+    } else if (selection === 5) {
+      const clineMode = await promptClineIntegrationMode(ask);
+      if (clineMode === "native") {
+        try {
+          await installClineNativeHooks();
+          process.stderr.write("\n" + style.bold("Shield Cline hooks installed") + "\n\n");
+          process.stderr.write(
+            style.dim(
+              "The Shield hook runs with your user permissions. It intercepts Cline tool calls to check permissions and log activity. Review the scripts under "
+            ) + style.cyan("~/.multicorn/cline-hooks") + style.dim(" if that is a concern.") + "\n"
+          );
+          configuredAgents.push({
+            selection,
+            platform: selectedPlatform,
+            platformLabel: selectedLabel,
+            agentName,
+            clineIntegration: "native"
+          });
+          setupSucceeded = true;
+        } catch (error) {
+          if (error instanceof NativePluginPrerequisiteMissingError) {
+            postSaveNativeSkipNote = nativePluginSkippedSaveNote(
+              "npx multicorn-shield init",
+              "Cline"
+            );
+            configuredAgents.push({
+              selection,
+              platform: selectedPlatform,
+              platformLabel: selectedLabel,
+              agentName
+            });
+            setupSucceeded = true;
+          } else {
+            const detail = error instanceof Error ? error.message : String(error);
+            process.stderr.write(style.red("\u2717 ") + detail + "\n");
+          }
+        }
+      } else {
+        const { targetUrl, shortName } = await promptProxyConfig(ask, agentName);
+        let proxyUrl = "";
+        let created = false;
+        while (!created) {
+          const spinner = withSpinner("Creating proxy config...");
+          try {
+            proxyUrl = await createProxyConfig(
+              resolvedBaseUrl,
+              apiKey,
+              agentName,
+              targetUrl,
+              shortName,
+              selectedPlatform
+            );
+            spinner.stop(true, "Proxy config created!");
+            created = true;
+          } catch (error) {
+            const detail = error instanceof Error ? error.message : String(error);
+            spinner.stop(false, detail);
+            const retry = await ask("Try again? (Y/n) ");
+            if (retry.trim().toLowerCase() === "n") {
+              break;
+            }
+          }
+        }
+        if (created && proxyUrl.length > 0) {
+          process.stderr.write("\n" + style.bold("Your Shield proxy URL:") + "\n");
+          process.stderr.write("  " + style.cyan(proxyUrl) + "\n");
+          printPlatformSnippet(selectedPlatform, proxyUrl, shortName, apiKey);
+          configuredAgents.push({
+            selection,
+            platform: selectedPlatform,
+            platformLabel: selectedLabel,
+            agentName,
+            shortName,
+            proxyUrl,
+            clineIntegration: "hosted"
+          });
+          setupSucceeded = true;
+        }
+      }
+    } else {
+      const { targetUrl, shortName } = await promptProxyConfig(ask, agentName);
+      let proxyUrl = "";
+      let created = false;
+      while (!created) {
+        const spinner = withSpinner("Creating proxy config...");
+        try {
+          proxyUrl = await createProxyConfig(
+            resolvedBaseUrl,
+            apiKey,
+            agentName,
+            targetUrl,
+            shortName,
+            selectedPlatform
+          );
+          spinner.stop(true, "Proxy config created!");
+          created = true;
+        } catch (error) {
+          const detail = error instanceof Error ? error.message : String(error);
+          spinner.stop(false, detail);
+          const retry = await ask("Try again? (Y/n) ");
+          if (retry.trim().toLowerCase() === "n") {
+            break;
+          }
+        }
+      }
+      if (created && proxyUrl.length > 0) {
+        process.stderr.write("\n" + style.bold("Your Shield proxy URL:") + "\n");
+        process.stderr.write("  " + style.cyan(proxyUrl) + "\n");
+        printPlatformSnippet(selectedPlatform, proxyUrl, shortName, apiKey);
+        configuredAgents.push({
+          selection,
+          platform: selectedPlatform,
+          platformLabel: selectedLabel,
+          agentName,
+          shortName,
+          proxyUrl
+        });
+        setupSucceeded = true;
+      }
+    }
+    if (setupSucceeded) {
+      currentAgents = currentAgents.filter((a) => a.platform !== selectedPlatform);
+      currentAgents.push({ name: agentName, platform: selectedPlatform });
+      const raw = existing !== null ? { ...existing } : {};
+      raw["apiKey"] = apiKey;
+      raw["baseUrl"] = resolvedBaseUrl;
+      raw["agents"] = currentAgents;
+      raw["defaultAgent"] = agentName;
+      delete raw["agentName"];
+      delete raw["platform"];
+      lastConfig = raw;
+      try {
+        await saveConfig(lastConfig);
+        process.stderr.write(
+          style.green("\u2713") + ` Config saved to ${style.cyan(CONFIG_PATH)}
+`
+        );
+        if (postSaveNativeSkipNote != null) {
+          process.stderr.write(postSaveNativeSkipNote);
+          postSaveNativeSkipNote = null;
+        }
+      } catch (error) {
+        const detail = error instanceof Error ? error.message : String(error);
+        process.stderr.write(style.red(`Failed to save config: ${detail}`) + "\n");
+        postSaveNativeSkipNote = null;
+      }
+    }
+    const another = await ask("\nConnect another agent? (Y/n) ");
+    if (another.trim().toLowerCase() === "n") {
+      configuring = false;
+    }
+  }
+  rl.close();
+  if (configuredAgents.length > 0) {
+    process.stderr.write("\n" + style.bold(style.violet("Setup complete")) + "\n\n");
+    for (const agent of configuredAgents) {
+      const namePart = agent.agentName.length > 0 ? ` - ${style.cyan(agent.agentName)}` : "";
+      const urlPart = agent.proxyUrl != null ? ` ${style.dim(`(${agent.proxyUrl})`)}` : "";
+      process.stderr.write(
+        `  ${style.green("\u2713")} ${agent.platformLabel}${namePart}${urlPart}
+`
+      );
+    }
+    process.stderr.write("\n");
+    const configuredPlatforms = new Set(configuredAgents.map((a) => a.platform));
+    const blocks = [];
+    if (configuredPlatforms.has("openclaw")) {
+      blocks.push(
+        "\n" + style.bold("To complete your OpenClaw setup:") + "\n  \u2192 Restart your gateway: " + style.cyan("openclaw gateway restart") + "\n  \u2192 Start a session: " + style.cyan("openclaw tui") + "\n"
+      );
+    }
+    if (configuredPlatforms.has("claude-code")) {
+      blocks.push(
+        "\n" + style.bold("To complete your Claude Code setup:") + "\n  \u2192 Add marketplace: " + style.cyan("claude plugin marketplace add Multicorn-AI/multicorn-shield") + "\n  \u2192 Install plugin: " + style.cyan("claude plugin install multicorn-shield@multicorn-shield") + "\n"
+      );
+    }
+    if (configuredPlatforms.has("claude-desktop")) {
+      blocks.push(
+        "\n" + style.bold("To complete your Claude Desktop setup:") + "\n  \u2192 Restart Claude Desktop to pick up config changes\n"
+      );
+    }
+    if (configuredPlatforms.has("cursor")) {
+      blocks.push(
+        "\n" + style.bold("To complete your Cursor setup:") + "\n  1. If you don't have Cursor yet, download it from " + style.cyan("https://cursor.com/downloads") + "\n  2. Open " + style.cyan("~/.cursor/mcp.json") + " and paste the config snippet shown above\n  3. Restart Cursor (or launch it for the first time) to load the new MCP server\n"
+      );
+    }
+    const windsurfNativeConfigured = configuredAgents.some(
+      (a) => a.platform === "windsurf" && a.windsurfIntegration === "native"
+    );
+    const windsurfHostedConfigured = configuredAgents.some(
+      (a) => a.platform === "windsurf" && a.windsurfIntegration === "hosted"
+    );
+    if (windsurfNativeConfigured) {
+      blocks.push(
+        "\n" + style.bold("To complete native Windsurf (Shield) setup:") + "\n  1. Hook scripts: " + style.cyan(getWindsurfHooksInstallDir()) + "\n  2. Hooks config: " + style.cyan(getWindsurfCascadeHooksJsonPath()) + "\n  3. Restart Windsurf (quit fully, then reopen)\n"
+      );
+    }
+    if (windsurfHostedConfigured) {
+      blocks.push(
+        "\n" + style.bold("To complete your Windsurf hosted-proxy setup:") + "\n  1. If you don't have Windsurf yet, download it from " + style.cyan("https://windsurf.com/download") + "\n  2. Open " + style.cyan("~/.codeium/windsurf/mcp_config.json") + " and paste the config snippet shown above\n  3. Restart Windsurf (or launch it for the first time) to load the new MCP server\n"
+      );
+    }
+    const clineNativeConfigured = configuredAgents.some(
+      (a) => a.platform === "cline" && a.clineIntegration === "native"
+    );
+    const clineHostedConfigured = configuredAgents.some(
+      (a) => a.platform === "cline" && a.clineIntegration === "hosted"
+    );
+    if (clineNativeConfigured) {
+      blocks.push(
+        "\n" + style.bold("To complete native Cline (Shield) setup:") + "\n  1. Enable Hooks in Cline: open VS Code, click the Cline sidebar icon, click the gear icon,\n     scroll down to the Advanced section, and toggle Hooks on.\n  2. Reload the VS Code window (Cmd+Shift+P > Reload Window)\n  3. Trigger any tool call to verify Shield is intercepting\n"
+      );
+    }
+    if (clineHostedConfigured) {
+      blocks.push(
+        "\n" + style.bold("To complete your Cline hosted-proxy setup:") + "\n  1. If you don't have Cline yet, install it from the VS Code marketplace\n  2. Open your Cline MCP settings file and paste the config snippet shown above\n  3. Restart Cline or reload the VS Code window\n"
+      );
+    }
+    const geminiCliNativeConfigured = configuredAgents.some(
+      (a) => a.platform === "gemini-cli" && a.geminiCliIntegration === "native"
+    );
+    const geminiCliHostedConfigured = configuredAgents.some(
+      (a) => a.platform === "gemini-cli" && a.geminiCliIntegration === "hosted"
+    );
+    if (geminiCliNativeConfigured) {
+      blocks.push(
+        "\n" + style.bold("Gemini CLI native hooks:") + "\n  Your Gemini CLI hooks are installed. Restart Gemini CLI to activate Shield governance.\n"
+      );
+    }
+    if (geminiCliHostedConfigured) {
+      blocks.push(
+        "\n" + style.bold("To complete your Gemini CLI setup:") + "\n  1. Open " + style.cyan("~/.gemini/settings.json") + "\n  2. Paste the config snippet shown above\n  3. Restart Gemini CLI, then run /mcp to verify\n"
+      );
+    }
+    if (blocks.length > 0) {
+      process.stderr.write("\n" + style.bold(style.violet("Next steps")) + "\n");
+      process.stderr.write(blocks.join("") + "\n");
+    }
+  }
+  return lastConfig;
+}
+
+// src/types/index.ts
+var PERMISSION_LEVELS = {
+  Read: "read",
+  Write: "write",
+  Execute: "execute",
+  Publish: "publish",
+  Create: "create"
+};
+
+// src/scopes/scope-parser.ts
+var VALID_PERMISSION_LEVELS = new Set(Object.values(PERMISSION_LEVELS));
+[...VALID_PERMISSION_LEVELS].join(", ");
+function formatScope(scope) {
+  return `${scope.permissionLevel}:${scope.service}`;
+}
+
+// src/scopes/scope-validator.ts
+function validateScopeAccess(grantedScopes, requested) {
+  const isGranted = grantedScopes.some(
+    (granted) => granted.service === requested.service && granted.permissionLevel === requested.permissionLevel
+  );
+  if (isGranted) {
+    return { allowed: true };
+  }
+  const serviceScopes = grantedScopes.filter((g) => g.service === requested.service);
+  if (serviceScopes.length > 0) {
+    const grantedLevels = serviceScopes.map((g) => `"${g.permissionLevel}"`).join(", ");
+    return {
+      allowed: false,
+      reason: `Permission "${requested.permissionLevel}" is not granted for service "${requested.service}". Currently granted permission level(s): ${grantedLevels}. Requested scope "${formatScope(requested)}" requires explicit consent.`
+    };
+  }
+  return {
+    allowed: false,
+    reason: `No permissions granted for service "${requested.service}". The agent has not been authorised to access this service. Request scope "${formatScope(requested)}" via the consent screen.`
+  };
+}
+function hasScope(grantedScopes, requested) {
+  return grantedScopes.some(
+    (granted) => granted.service === requested.service && granted.permissionLevel === requested.permissionLevel
+  );
+}
+
+// src/logger/action-logger.ts
+function createActionLogger(config) {
+  if (!config.apiKey || config.apiKey.trim().length === 0) {
+    throw new Error(
+      "[ActionLogger] API key is required. Provide it via the 'apiKey' config option."
+    );
+  }
+  const baseUrl = config.baseUrl ?? "https://api.multicorn.ai";
+  const timeout = config.timeout ?? 5e3;
+  if (!baseUrl.startsWith("https://") && !baseUrl.startsWith("http://localhost")) {
+    throw new Error(
+      `[ActionLogger] Base URL must use HTTPS for security. Received: "${baseUrl}". Use https:// or http://localhost for local development.`
+    );
+  }
+  const endpoint = `${baseUrl}/api/v1/actions`;
+  const batchEnabled = config.batchMode?.enabled ?? false;
+  const maxBatchSize = config.batchMode?.maxSize ?? 10;
+  const flushInterval = config.batchMode?.flushIntervalMs ?? 5e3;
+  const queue = [];
+  let flushTimer;
+  let isShutdown = false;
+  async function sendActions(actions) {
+    if (actions.length === 0) return;
+    const convertAction = (action) => ({
+      agent: action.agent,
+      service: action.service,
+      actionType: action.actionType,
+      status: action.status,
+      ...action.cost !== void 0 ? { cost: action.cost } : {},
+      ...action.metadata !== void 0 ? { metadata: action.metadata } : {}
+    });
+    const convertedActions = actions.map(convertAction);
+    const payload = batchEnabled ? { actions: convertedActions } : convertedActions[0];
+    let lastError;
+    for (let attempt = 0; attempt < 2; attempt++) {
+      try {
+        const controller = new AbortController();
+        const timeoutId = setTimeout(() => {
+          controller.abort();
+        }, timeout);
+        const response = await fetch(endpoint, {
+          method: "POST",
+          headers: {
+            "Content-Type": "application/json",
+            "X-Multicorn-Key": config.apiKey
+          },
+          body: JSON.stringify(payload),
+          signal: controller.signal
+        });
+        clearTimeout(timeoutId);
+        if (response.ok) {
+          return;
+        }
+        if (response.status >= 400 && response.status < 500) {
+          const body = await response.text().catch(() => "");
+          throw new Error(
+            `[ActionLogger] Client error (${String(response.status)}): ${response.statusText}. Response: ${body}. Check your API key and payload format.`
+          );
+        }
+        if (response.status >= 500 && attempt === 0) {
+          lastError = new Error(
+            `[ActionLogger] Server error (${String(response.status)}): ${response.statusText}. Retrying once...`
+          );
+          await sleep(100 * Math.pow(2, attempt));
+          continue;
+        }
+        throw new Error(
+          `[ActionLogger] Server error (${String(response.status)}) after retry: ${response.statusText}. Multicorn API may be experiencing issues.`
+        );
+      } catch (error) {
+        if (error instanceof Error) {
+          if (error.name === "AbortError") {
+            lastError = new Error(
+              `[ActionLogger] Request timeout after ${String(timeout)}ms. Increase the 'timeout' config option or check your network connection.`
+            );
+          } else if (error.message.includes("Client error") || error.message.includes("Server error")) {
+            lastError = error;
+          } else {
+            lastError = new Error(
+              `[ActionLogger] Network error: ${error.message}. Check your network connection and API endpoint.`
+            );
+          }
+        } else {
+          lastError = new Error(`[ActionLogger] Unknown error: ${String(error)}`);
+        }
+        if (attempt === 0 && !lastError.message.includes("Client error")) {
+          await sleep(100 * Math.pow(2, attempt));
+          continue;
+        }
+        break;
+      }
+    }
+    if (lastError) {
+      if (config.onError) {
+        config.onError(lastError);
+      }
+    }
+  }
+  async function flushQueue() {
+    if (queue.length === 0) return;
+    const actions = queue.map((item) => item.payload);
+    queue.length = 0;
+    await sendActions(actions);
+  }
+  function startFlushTimer() {
+    if (flushTimer !== void 0) return;
+    flushTimer = setInterval(() => {
+      flushQueue().catch(() => {
+      });
+    }, flushInterval);
+    const timer = flushTimer;
+    if (typeof timer.unref === "function") {
+      timer.unref();
+    }
+  }
+  function stopFlushTimer() {
+    if (flushTimer) {
+      clearInterval(flushTimer);
+      flushTimer = void 0;
+    }
+  }
+  if (batchEnabled) {
+    startFlushTimer();
+  }
+  return {
+    logAction(action) {
+      if (isShutdown) {
+        throw new Error(
+          "[ActionLogger] Cannot log action after shutdown. Create a new logger instance."
+        );
+      }
+      if (action.agent.trim().length === 0) {
+        throw new Error("[ActionLogger] Action must have a non-empty 'agent' field.");
+      }
+      if (action.service.trim().length === 0) {
+        throw new Error("[ActionLogger] Action must have a non-empty 'service' field.");
+      }
+      if (action.actionType.trim().length === 0) {
+        throw new Error("[ActionLogger] Action must have a non-empty 'actionType' field.");
+      }
+      if (action.status.trim().length === 0) {
+        throw new Error("[ActionLogger] Action must have a non-empty 'status' field.");
+      }
+      if (batchEnabled) {
+        queue.push({ payload: action, timestamp: Date.now() });
+        if (queue.length >= maxBatchSize) {
+          flushQueue().catch(() => {
+          });
+        }
+      } else {
+        sendActions([action]).catch(() => {
+        });
+      }
+      return Promise.resolve();
+    },
+    async flush() {
+      if (!batchEnabled) return;
+      await flushQueue();
+    },
+    async shutdown() {
+      if (isShutdown) return;
+      isShutdown = true;
+      stopFlushTimer();
+      if (batchEnabled) {
+        await flushQueue();
+      }
+    }
+  };
+}
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+
+// src/spending/spending-checker.ts
+function createSpendingChecker(config) {
+  validateLimits(config.limits);
+  let dailySpendCents = 0;
+  let monthlySpendCents = 0;
+  let lastDailyReset = /* @__PURE__ */ new Date();
+  let lastMonthlyReset = /* @__PURE__ */ new Date();
+  function validateAmount(amountCents, context) {
+    if (!Number.isInteger(amountCents)) {
+      throw new Error(
+        `[SpendingChecker] ${context} must be an integer (cents). Received: ${String(amountCents)}. Convert dollars to cents by multiplying by 100.`
+      );
+    }
+    if (amountCents < 0) {
+      throw new Error(
+        `[SpendingChecker] ${context} must be non-negative. Received: ${String(amountCents)} cents.`
+      );
+    }
+  }
+  function formatCents(cents) {
+    const dollars = cents / 100;
+    return `$${dollars.toLocaleString("en-US", {
+      minimumFractionDigits: 2,
+      maximumFractionDigits: 2
+    })}`;
+  }
+  function checkAndResetDaily() {
+    const now = /* @__PURE__ */ new Date();
+    if (shouldResetDaily(lastDailyReset, now)) {
+      dailySpendCents = 0;
+      lastDailyReset = now;
+    }
+  }
+  function checkAndResetMonthly() {
+    const now = /* @__PURE__ */ new Date();
+    if (shouldResetMonthly(lastMonthlyReset, now)) {
+      monthlySpendCents = 0;
+      lastMonthlyReset = now;
+    }
+  }
+  function shouldResetDaily(lastReset, now) {
+    return lastReset.getDate() !== now.getDate() || lastReset.getMonth() !== now.getMonth() || lastReset.getFullYear() !== now.getFullYear();
+  }
+  function shouldResetMonthly(lastReset, now) {
+    return lastReset.getMonth() !== now.getMonth() || lastReset.getFullYear() !== now.getFullYear();
+  }
+  function calculateRemainingBudget() {
+    return {
+      transaction: config.limits.perTransaction,
+      daily: Math.max(0, config.limits.perDay - dailySpendCents),
+      monthly: Math.max(0, config.limits.perMonth - monthlySpendCents)
+    };
+  }
+  return {
+    checkSpend(amountCents) {
+      validateAmount(amountCents, "Spend amount");
+      checkAndResetDaily();
+      checkAndResetMonthly();
+      if (amountCents > config.limits.perTransaction) {
+        return {
+          allowed: false,
+          reason: `Action blocked: ${formatCents(amountCents)} exceeds per-transaction limit of ${formatCents(config.limits.perTransaction)}`,
+          remainingBudget: calculateRemainingBudget()
+        };
+      }
+      const projectedDaily = dailySpendCents + amountCents;
+      if (projectedDaily > config.limits.perDay) {
+        return {
+          allowed: false,
+          reason: `Action blocked: ${formatCents(amountCents)} would exceed per-day limit. Current spend today: ${formatCents(dailySpendCents)}, limit: ${formatCents(config.limits.perDay)}`,
+          remainingBudget: calculateRemainingBudget()
+        };
+      }
+      const projectedMonthly = monthlySpendCents + amountCents;
+      if (projectedMonthly > config.limits.perMonth) {
+        return {
+          allowed: false,
+          reason: `Action blocked: ${formatCents(amountCents)} would exceed per-month limit. Current spend this month: ${formatCents(monthlySpendCents)}, limit: ${formatCents(config.limits.perMonth)}`,
+          remainingBudget: calculateRemainingBudget()
+        };
+      }
+      return {
+        allowed: true,
+        remainingBudget: calculateRemainingBudget()
+      };
+    },
+    recordSpend(amountCents) {
+      validateAmount(amountCents, "Spend amount");
+      checkAndResetDaily();
+      checkAndResetMonthly();
+      dailySpendCents += amountCents;
+      monthlySpendCents += amountCents;
+    },
+    getCurrentSpend() {
+      checkAndResetDaily();
+      checkAndResetMonthly();
+      return {
+        daily: dailySpendCents,
+        monthly: monthlySpendCents
+      };
+    },
+    reset() {
+      dailySpendCents = 0;
+      monthlySpendCents = 0;
+      lastDailyReset = /* @__PURE__ */ new Date();
+      lastMonthlyReset = /* @__PURE__ */ new Date();
+    }
+  };
+}
+function validateLimits(limits) {
+  const checks = [
+    { value: limits.perTransaction, name: "perTransaction" },
+    { value: limits.perDay, name: "perDay" },
+    { value: limits.perMonth, name: "perMonth" }
+  ];
+  for (const check of checks) {
+    if (!Number.isInteger(check.value)) {
+      throw new Error(
+        `[SpendingChecker] Limit "${check.name}" must be an integer (cents). Received: ${String(check.value)}. All limits must be specified in integer cents.`
+      );
+    }
+    if (check.value < 0) {
+      throw new Error(
+        `[SpendingChecker] Limit "${check.name}" must be non-negative. Received: ${String(check.value)} cents.`
+      );
+    }
+  }
+}
+function dollarsToCents(dollars) {
+  return Math.round(dollars * 100);
+}
+
+// src/proxy/interceptor.ts
+var BLOCKED_ERROR_CODE = -32e3;
+var SPENDING_BLOCKED_ERROR_CODE = -32001;
+var INTERNAL_ERROR_CODE = -32002;
+var SERVICE_UNREACHABLE_ERROR_CODE = -32003;
+var AUTH_ERROR_CODE = -32004;
+function parseJsonRpcLine(line) {
+  const trimmed = line.trim();
+  if (trimmed.length === 0) return null;
+  let parsed;
+  try {
+    parsed = JSON.parse(trimmed);
+  } catch {
+    return null;
+  }
+  return isJsonRpcRequest(parsed) ? parsed : null;
+}
+function extractToolCallParams(request) {
+  if (request.method !== "tools/call") return null;
+  if (typeof request.params !== "object" || request.params === null) return null;
+  const params = request.params;
+  const name = params["name"];
+  const args = params["arguments"];
+  if (typeof name !== "string") return null;
+  if (typeof args !== "object" || args === null) return null;
+  return { name, arguments: args };
+}
+function buildBlockedResponse(id, service, permissionLevel, dashboardUrl) {
+  const displayService = capitalize(service);
+  const message = `Action blocked by Multicorn Shield: agent does not have ${permissionLevel} access to ${displayService}. Configure permissions at ${dashboardUrl}`;
+  return {
+    jsonrpc: "2.0",
+    id,
+    error: {
+      code: BLOCKED_ERROR_CODE,
+      message
+    }
+  };
+}
+function buildSpendingBlockedResponse(id, reason, dashboardUrl) {
+  const message = `Action blocked by Multicorn Shield: ${reason}. Review spending limits at ${dashboardUrl}`;
+  return {
+    jsonrpc: "2.0",
+    id,
+    error: {
+      code: SPENDING_BLOCKED_ERROR_CODE,
+      message
+    }
+  };
+}
+function buildInternalErrorResponse(id) {
+  const message = "Action blocked: Shield encountered an internal error and cannot verify permissions. Check proxy logs for details.";
+  return {
+    jsonrpc: "2.0",
+    id,
+    error: {
+      code: INTERNAL_ERROR_CODE,
+      message
+    }
+  };
+}
+function buildServiceUnreachableResponse(id, dashboardUrl) {
+  const message = `Action blocked: Shield cannot verify permissions (service unreachable). Configure offline behaviour at ${dashboardUrl}`;
+  return {
+    jsonrpc: "2.0",
+    id,
+    error: {
+      code: SERVICE_UNREACHABLE_ERROR_CODE,
+      message
+    }
+  };
+}
+function buildAuthErrorResponse(id) {
+  const message = "Action blocked: Shield API key is invalid or has been revoked. Run npx multicorn-shield init to reconfigure.";
+  return {
+    jsonrpc: "2.0",
+    id,
+    error: {
+      code: AUTH_ERROR_CODE,
+      message
+    }
+  };
+}
+function extractServiceFromToolName(toolName) {
+  const idx = toolName.indexOf("_");
+  return idx === -1 ? toolName : toolName.slice(0, idx);
+}
+function extractActionFromToolName(toolName) {
+  const idx = toolName.indexOf("_");
+  return idx === -1 ? "call" : toolName.slice(idx + 1);
+}
+function isJsonRpcRequest(value) {
+  if (typeof value !== "object" || value === null) return false;
+  const obj = value;
+  if (obj["jsonrpc"] !== "2.0") return false;
+  if (typeof obj["method"] !== "string") return false;
+  const id = obj["id"];
+  const validId = id === null || id === void 0 || typeof id === "string" || typeof id === "number";
+  return validId;
+}
+function capitalize(str) {
+  if (str.length === 0) return str;
+  const first = str[0];
+  return first !== void 0 ? first.toUpperCase() + str.slice(1) : str;
+}
+var MULTICORN_DIR = join(homedir(), ".multicorn");
+var SCOPES_PATH = join(MULTICORN_DIR, "scopes.json");
+var CACHE_META_PATH = join(MULTICORN_DIR, "cache-meta.json");
+function cacheKey(agentName, apiKey) {
+  return createHash("sha256").update(`${agentName}:${apiKey}`).digest("hex").slice(0, 16);
+}
+async function ensureCacheIdentity(apiKey) {
+  const currentHash = createHash("sha256").update(apiKey).digest("hex");
+  let storedHash = null;
+  try {
+    const raw = await readFile(CACHE_META_PATH, "utf8");
+    const meta = JSON.parse(raw);
+    if (typeof meta === "object" && meta !== null && "apiKeyHash" in meta) {
+      storedHash = meta.apiKeyHash;
+    }
+  } catch {
+  }
+  if (storedHash === null || storedHash !== currentHash) {
+    try {
+      await unlink(SCOPES_PATH);
+    } catch {
+    }
+  }
+  if (storedHash !== currentHash) {
+    await mkdir(MULTICORN_DIR, { recursive: true, mode: 448 });
+    await writeFile(CACHE_META_PATH, JSON.stringify({ apiKeyHash: currentHash }, null, 2) + "\n", {
+      encoding: "utf8",
+      mode: 384
+    });
+  }
+}
+async function loadCachedScopes(agentName, apiKey) {
+  if (apiKey.length === 0) return null;
+  await ensureCacheIdentity(apiKey);
+  const key = cacheKey(agentName, apiKey);
+  try {
+    const raw = await readFile(SCOPES_PATH, "utf8");
+    const parsed = JSON.parse(raw);
+    if (!isScopesCacheFile(parsed)) return null;
+    const entry = parsed[key];
+    return entry?.scopes ?? null;
+  } catch {
+    return null;
+  }
+}
+async function saveCachedScopes(agentName, agentId, scopes, apiKey) {
+  if (apiKey.length === 0) return;
+  await ensureCacheIdentity(apiKey);
+  const key = cacheKey(agentName, apiKey);
+  await mkdir(MULTICORN_DIR, { recursive: true, mode: 448 });
+  let existing = {};
+  try {
+    const raw = await readFile(SCOPES_PATH, "utf8");
+    const parsed = JSON.parse(raw);
+    if (isScopesCacheFile(parsed)) existing = parsed;
+  } catch {
+  }
+  const updated = {
+    ...existing,
+    [key]: {
+      agentId,
+      scopes,
+      fetchedAt: (/* @__PURE__ */ new Date()).toISOString()
+    }
+  };
+  await writeFile(SCOPES_PATH, JSON.stringify(updated, null, 2) + "\n", {
+    encoding: "utf8",
+    mode: 384
+  });
+}
+function isScopesCacheFile(value) {
+  return typeof value === "object" && value !== null;
+}
+
+// src/proxy/consent.ts
+var CONSENT_POLL_INTERVAL_MS = 3e3;
+var CONSENT_POLL_TIMEOUT_MS = 5 * 60 * 1e3;
+function deriveDashboardUrl(baseUrl) {
+  try {
+    const url = new URL(baseUrl);
+    if (url.hostname === "localhost" || url.hostname === "127.0.0.1") {
+      url.port = "5173";
+      url.protocol = "http:";
+      return url.toString();
+    }
+    if (url.hostname === "api.multicorn.ai") {
+      url.hostname = "app.multicorn.ai";
+      return url.toString();
+    }
+    if (url.hostname.includes("api")) {
+      url.hostname = url.hostname.replace("api", "app");
+      return url.toString();
+    }
+    if (url.protocol === "https:" && url.hostname !== "localhost" && url.hostname !== "127.0.0.1") {
+      return "https://app.multicorn.ai";
+    }
+    return "https://app.multicorn.ai";
+  } catch {
+    return "https://app.multicorn.ai";
+  }
+}
+var ShieldAuthError = class _ShieldAuthError extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "ShieldAuthError";
+    Object.setPrototypeOf(this, _ShieldAuthError.prototype);
+  }
+};
+async function findAgentByName(agentName, apiKey, baseUrl) {
+  let response;
+  try {
+    response = await fetch(`${baseUrl}/api/v1/agents`, {
+      headers: { "X-Multicorn-Key": apiKey },
+      signal: AbortSignal.timeout(8e3)
+    });
+  } catch {
+    return null;
+  }
+  if (!response.ok) {
+    if (response.status === 401 || response.status === 403) {
+      return { id: "", name: agentName, scopes: [], authInvalid: true };
+    }
+    return null;
+  }
+  let body;
+  try {
+    body = await response.json();
+  } catch {
+    return null;
+  }
+  if (!isApiSuccessResponse(body)) return null;
+  const agents = body.data;
+  if (!Array.isArray(agents)) return null;
+  const match = agents.find(
+    (a) => isAgentSummaryShape(a) && a.name === agentName
+  );
+  if (match === void 0) return null;
+  return { id: match.id, name: match.name, scopes: [] };
+}
+async function registerAgent(agentName, apiKey, baseUrl, platform) {
+  const response = await fetch(`${baseUrl}/api/v1/agents`, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      "X-Multicorn-Key": apiKey
+    },
+    body: JSON.stringify({ name: agentName, ...platform ? { platform } : {} }),
+    signal: AbortSignal.timeout(8e3)
+  });
+  if (!response.ok) {
+    if (response.status === 401 || response.status === 403) {
+      throw new ShieldAuthError(
+        `Failed to register agent "${agentName}": service returned ${String(response.status)}.`
+      );
+    }
+    throw new Error(
+      `Failed to register agent "${agentName}": service returned ${String(response.status)}.`
+    );
+  }
+  const body = await response.json();
+  if (!isApiSuccessResponse(body)) {
+    throw new Error(`Failed to register agent "${agentName}": unexpected response format.`);
+  }
+  if (!isAgentSummaryShape(body.data)) {
+    throw new Error(`Failed to register agent "${agentName}": response missing agent ID.`);
+  }
+  return body.data.id;
+}
+async function fetchGrantedScopes(agentId, apiKey, baseUrl) {
+  let response;
+  try {
+    response = await fetch(`${baseUrl}/api/v1/agents/${agentId}`, {
+      headers: { "X-Multicorn-Key": apiKey },
+      signal: AbortSignal.timeout(8e3)
+    });
+  } catch {
+    return [];
+  }
+  if (!response.ok) return [];
+  const body = await response.json();
+  if (!isApiSuccessResponse(body)) return [];
+  const agentDetail = body.data;
+  if (!isAgentDetailShape(agentDetail)) return [];
+  const scopes = [];
+  for (const perm of agentDetail.permissions) {
+    if (!isPermissionShape(perm)) continue;
+    if (perm.revoked_at !== null) continue;
+    if (perm.read) scopes.push({ service: perm.service, permissionLevel: "read" });
+    if (perm.write) scopes.push({ service: perm.service, permissionLevel: "write" });
+    if (perm.execute) scopes.push({ service: perm.service, permissionLevel: "execute" });
+  }
+  return scopes;
+}
+function openBrowser(url) {
+  if (process.env["NODE_ENV"] === "test" || process.env["VITEST"] === "true") {
+    return;
+  }
+  const platform = process.platform;
+  const cmd = platform === "darwin" ? "open" : platform === "win32" ? "start" : "xdg-open";
+  spawn(cmd, [url], { detached: true, stdio: "ignore" }).unref();
+}
+async function waitForConsent(agentId, agentName, apiKey, baseUrl, dashboardUrl, logger, scope, platform) {
+  const scopeStrings = scope ? [`${scope.service}:${scope.permissionLevel}`] : detectScopeHints();
+  const consentUrl = buildConsentUrl(agentName, scopeStrings, dashboardUrl, platform);
+  logger.info("Opening consent page in your browser.", { url: consentUrl });
+  process.stderr.write(
+    `
+Action requires permission. Opening consent page...
+${consentUrl}
+
+Waiting for you to grant access in the Multicorn dashboard...
+`
+  );
+  openBrowser(consentUrl);
+  const deadline = Date.now() + CONSENT_POLL_TIMEOUT_MS;
+  while (Date.now() < deadline) {
+    await sleep2(CONSENT_POLL_INTERVAL_MS);
+    const scopes = await fetchGrantedScopes(agentId, apiKey, baseUrl);
+    if (scopes.length > 0) {
+      logger.info("Permissions granted.", { agent: agentName, scopeCount: scopes.length });
+      return scopes;
+    }
+  }
+  throw new Error(
+    `Consent not granted within ${String(CONSENT_POLL_TIMEOUT_MS / 6e4)} minutes. Grant access at ${dashboardUrl} and restart the proxy.`
+  );
+}
+async function resolveAgentRecord(agentName, apiKey, baseUrl, logger, platform) {
+  const cachedScopes = await loadCachedScopes(agentName, apiKey);
+  if (cachedScopes !== null && cachedScopes.length > 0) {
+    logger.debug("Loaded scopes from cache.", { agent: agentName, count: cachedScopes.length });
+  }
+  let agent = await findAgentByName(agentName, apiKey, baseUrl);
+  if (agent?.authInvalid) {
+    return agent;
+  }
+  if (agent === null) {
+    try {
+      logger.info("Agent not found. Registering.", { agent: agentName });
+      const id = await registerAgent(agentName, apiKey, baseUrl, platform);
+      agent = { id, name: agentName, scopes: [] };
+      logger.info("Agent registered.", { agent: agentName, id });
+    } catch (error) {
+      if (error instanceof ShieldAuthError) {
+        return { id: "", name: agentName, scopes: [], authInvalid: true };
+      }
+      const detail = error instanceof Error ? error.message : String(error);
+      if (cachedScopes !== null && cachedScopes.length > 0) {
+        logger.warn("Service unreachable. Using cached scopes.", { error: detail });
+        return { id: "", name: agentName, scopes: cachedScopes };
+      }
+      logger.warn("Could not reach Multicorn service. Running with empty permissions.", {
+        error: detail
+      });
+      return { id: "", name: agentName, scopes: [] };
+    }
+  }
+  const scopes = await fetchGrantedScopes(agent.id, apiKey, baseUrl);
+  if (scopes.length > 0) {
+    await saveCachedScopes(agentName, agent.id, scopes, apiKey);
+  }
+  return { ...agent, scopes };
+}
+function buildConsentUrl(agentName, scopes, dashboardUrl, platform) {
+  const base = dashboardUrl.replace(/\/+$/, "");
+  const params = new URLSearchParams({ agent: agentName });
+  if (scopes.length > 0) {
+    params.set("scopes", scopes.join(","));
+  }
+  if (platform) {
+    params.set("platform", platform);
+  }
+  return `${base}/consent?${params.toString()}`;
+}
+function detectScopeHints() {
+  return [];
+}
+function sleep2(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+function isApiSuccessResponse(value) {
+  if (typeof value !== "object" || value === null) return false;
+  const obj = value;
+  return obj["success"] === true;
+}
+function isAgentSummaryShape(value) {
+  if (typeof value !== "object" || value === null) return false;
+  const obj = value;
+  return typeof obj["id"] === "string" && typeof obj["name"] === "string";
+}
+function isAgentDetailShape(value) {
+  if (typeof value !== "object" || value === null) return false;
+  const obj = value;
+  return Array.isArray(obj["permissions"]);
+}
+function isPermissionShape(value) {
+  if (typeof value !== "object" || value === null) return false;
+  const obj = value;
+  return typeof obj["service"] === "string" && typeof obj["read"] === "boolean" && typeof obj["write"] === "boolean" && typeof obj["execute"] === "boolean" && (obj["revoked_at"] === null || obj["revoked_at"] === void 0 || typeof obj["revoked_at"] === "string");
+}
+
+// src/proxy/index.ts
+var DEFAULT_SCOPE_REFRESH_INTERVAL_MS = 6e4;
+function createProxyServer(config) {
+  if (!config.baseUrl.startsWith("https://") && !config.baseUrl.startsWith("http://localhost") && !config.baseUrl.startsWith("http://127.0.0.1")) {
+    throw new Error(
+      `[multicorn-shield] Base URL must use HTTPS. Received: "${config.baseUrl}". Use https:// or http://localhost for local development.`
+    );
+  }
+  let child = null;
+  let actionLogger = null;
+  let spendingChecker = null;
+  let grantedScopes = [];
+  let agentId = "";
+  let authInvalid = false;
+  let refreshTimer = null;
+  let consentInProgress = false;
+  const pendingLines = [];
+  let draining = false;
+  let stopped = false;
+  async function refreshScopes() {
+    if (stopped) return;
+    if (agentId.length === 0) return;
+    try {
+      const scopes = await fetchGrantedScopes(agentId, config.apiKey, config.baseUrl);
+      grantedScopes = scopes;
+      if (scopes.length > 0) {
+        await saveCachedScopes(config.agentName, agentId, scopes, config.apiKey);
+      }
+      config.logger.debug("Scopes refreshed.", { count: scopes.length });
+    } catch (error) {
+      config.logger.warn("Scope refresh failed.", {
+        error: error instanceof Error ? error.message : String(error)
+      });
+    }
+  }
+  async function ensureConsent(requestedScope) {
+    if (agentId.length === 0) return;
+    if (requestedScope !== void 0) {
+      if (hasScope(grantedScopes, requestedScope) || consentInProgress) return;
+    } else {
+      if (grantedScopes.length > 0 || consentInProgress) return;
+    }
+    consentInProgress = true;
+    try {
+      const scopeParam = requestedScope !== void 0 ? { service: requestedScope.service, permissionLevel: requestedScope.permissionLevel } : void 0;
+      const scopes = await waitForConsent(
+        agentId,
+        config.agentName,
+        config.apiKey,
+        config.baseUrl,
+        config.dashboardUrl,
+        config.logger,
+        scopeParam,
+        config.platform ?? "other-mcp"
+      );
+      grantedScopes = scopes;
+      await saveCachedScopes(config.agentName, agentId, scopes, config.apiKey);
+    } finally {
+      consentInProgress = false;
+    }
+  }
+  async function handleToolCall(line) {
+    const request = parseJsonRpcLine(line);
+    if (request === null) return null;
+    if (request.method !== "tools/call") return null;
+    const toolParams = extractToolCallParams(request);
+    if (toolParams === null) return null;
+    try {
+      if (authInvalid) {
+        const blocked = buildAuthErrorResponse(request.id);
+        return JSON.stringify(blocked);
+      }
+      if (agentId.length === 0) {
+        const blocked = buildServiceUnreachableResponse(request.id, config.dashboardUrl);
+        return JSON.stringify(blocked);
+      }
+      const service = extractServiceFromToolName(toolParams.name);
+      const action = extractActionFromToolName(toolParams.name);
+      config.logger.debug("Extracted tool identity.", {
+        tool: toolParams.name,
+        service,
+        action
+      });
+      const requestedScope = { service, permissionLevel: "execute" };
+      const validation = validateScopeAccess(grantedScopes, requestedScope);
+      config.logger.debug("Scope validation result.", {
+        tool: toolParams.name,
+        allowed: validation.allowed,
+        scopeCount: grantedScopes.length
+      });
+      if (!validation.allowed) {
+        await ensureConsent(requestedScope);
+        const revalidation = validateScopeAccess(grantedScopes, requestedScope);
+        config.logger.debug("Post-consent revalidation result.", {
+          tool: toolParams.name,
+          allowed: revalidation.allowed,
+          scopeCount: grantedScopes.length
+        });
+        if (!revalidation.allowed) {
+          if (actionLogger !== null) {
+            if (!config.agentName || config.agentName.trim().length === 0) {
+              process.stderr.write(
+                "[multicorn-shield] Cannot log action: agent name not resolved\n"
+              );
+            } else {
+              config.logger.debug("Logging blocked action (post-consent).", {
+                agent: config.agentName,
+                service,
+                action
+              });
+              await actionLogger.logAction({
+                agent: config.agentName,
+                service,
+                actionType: action,
+                status: "blocked"
+              });
+              config.logger.debug("Blocked action logged.", { tool: toolParams.name });
+            }
+          }
+          return JSON.stringify(
+            buildBlockedResponse(request.id, service, "execute", config.dashboardUrl)
+          );
+        }
+      }
+      if (spendingChecker !== null) {
+        const costCents = extractCostCents(toolParams.arguments);
+        if (costCents > 0) {
+          const spendResult = spendingChecker.checkSpend(costCents);
+          if (!spendResult.allowed) {
+            if (actionLogger !== null) {
+              if (!config.agentName || config.agentName.trim().length === 0) {
+                process.stderr.write(
+                  "[multicorn-shield] Cannot log action: agent name not resolved\n"
+                );
+              } else {
+                config.logger.debug("Logging blocked action (spending).", {
+                  agent: config.agentName,
+                  service,
+                  action
+                });
+                await actionLogger.logAction({
+                  agent: config.agentName,
+                  service,
+                  actionType: action,
+                  status: "blocked"
+                });
+                config.logger.debug("Spending-blocked action logged.", { tool: toolParams.name });
+              }
+            }
+            const blocked = buildSpendingBlockedResponse(
+              request.id,
+              spendResult.reason ?? "spending limit exceeded",
+              config.dashboardUrl
+            );
+            return JSON.stringify(blocked);
+          }
+          spendingChecker.recordSpend(costCents);
+        }
+      }
+      if (actionLogger !== null) {
+        if (!config.agentName || config.agentName.trim().length === 0) {
+          process.stderr.write("[multicorn-shield] Cannot log action: agent name not resolved\n");
+        } else {
+          config.logger.debug("Logging approved action.", {
+            agent: config.agentName,
+            service,
+            action
+          });
+          await actionLogger.logAction({
+            agent: config.agentName,
+            service,
+            actionType: action,
+            status: "approved"
+          });
+          config.logger.debug("Approved action logged.", { tool: toolParams.name });
+        }
+      }
+      return null;
+    } catch (error) {
+      config.logger.error("Tool call handler error.", {
+        error: error instanceof Error ? error.message : String(error)
+      });
+      const blocked = buildInternalErrorResponse(request.id);
+      return JSON.stringify(blocked);
+    }
+  }
+  async function processLine(line) {
+    const childProcess = child;
+    if (childProcess?.stdin === null || childProcess === null) return;
+    const override = await handleToolCall(line);
+    if (override !== null) {
+      process.stdout.write(override + "\n");
+    } else {
+      childProcess.stdin.write(line + "\n");
+    }
+  }
+  async function drainQueue() {
+    if (draining) return;
+    draining = true;
+    while (pendingLines.length > 0) {
+      const line = pendingLines.shift();
+      if (line === void 0) break;
+      await processLine(line);
+    }
+    draining = false;
+  }
+  function enqueueLine(line) {
+    pendingLines.push(line);
+    void drainQueue();
+  }
+  async function stop() {
+    stopped = true;
+    if (refreshTimer !== null) {
+      clearInterval(refreshTimer);
+      refreshTimer = null;
+    }
+    if (actionLogger !== null) {
+      await actionLogger.shutdown();
+      actionLogger = null;
+    }
+    const childProcess = child;
+    if (childProcess !== null) {
+      childProcess.kill("SIGTERM");
+      child = null;
+    }
+  }
+  async function start() {
+    config.logger.info("Proxy starting.", { agent: config.agentName, command: config.command });
+    const agentRecord = await resolveAgentRecord(
+      config.agentName,
+      config.apiKey,
+      config.baseUrl,
+      config.logger,
+      config.platform ?? "other-mcp"
+    );
+    agentId = agentRecord.id;
+    grantedScopes = agentRecord.scopes;
+    authInvalid = agentRecord.authInvalid === true;
+    if (authInvalid) {
+      config.logger.error("API key rejected by the Multicorn service.", {
+        agent: config.agentName
+      });
+      process.stderr.write(
+        "\nError: API key was rejected by the Multicorn service.\nCheck your key at https://app.multicorn.ai/settings#api-keys or run `npx multicorn-shield init` to reconfigure.\n\n"
       );
+      throw new Error("API key was rejected by the Multicorn service.");
+    }
+    config.logger.info("Agent resolved.", {
+      agent: config.agentName,
+      id: agentId,
+      scopeCount: grantedScopes.length
+    });
+    actionLogger = createActionLogger({
+      apiKey: config.apiKey,
+      baseUrl: config.baseUrl,
+      batchMode: { enabled: false },
+      onError: (err) => {
+        config.logger.warn("Action log failed.", { error: err.message });
+      }
+    });
+    if (config.spendingLimits !== void 0) {
+      spendingChecker = createSpendingChecker({ limits: config.spendingLimits });
+    }
+    child = spawn(config.command, config.commandArgs, {
+      stdio: ["pipe", "pipe", "pipe"]
+    });
+    const childProcess = child;
+    childProcess.on("error", (err) => {
+      config.logger.error("Child process error.", { error: err.message });
+    });
+    childProcess.on("exit", (code, signal) => {
+      config.logger.info("Child process exited.", {
+        code: code ?? void 0,
+        signal: signal ?? void 0
+      });
+    });
+    if (childProcess.stdout !== null) {
+      childProcess.stdout.on("data", (chunk) => {
+        process.stdout.write(chunk);
+      });
+    }
+    if (childProcess.stderr !== null) {
+      childProcess.stderr.on("data", (chunk) => {
+        config.logger.debug("Child stderr.", { data: chunk.toString().trim() });
+      });
+    }
+    const rl = createInterface({ input: process.stdin, terminal: false });
+    rl.on("line", (line) => {
+      enqueueLine(line);
+    });
+    rl.on("close", () => {
+      config.logger.info("Agent disconnected. Shutting down.");
+      void stop();
+    });
+    const refreshIntervalMs = config.scopeRefreshIntervalMs ?? DEFAULT_SCOPE_REFRESH_INTERVAL_MS;
+    refreshTimer = setInterval(() => {
+      void refreshScopes();
+    }, refreshIntervalMs);
+    const timer = refreshTimer;
+    if (typeof timer.unref === "function") {
+      timer.unref();
+    }
+    config.logger.info("Proxy ready.", { agent: config.agentName });
+    return new Promise((resolve) => {
+      childProcess.on("exit", () => {
+        resolve();
+      });
+    });
+  }
+  return { start, stop };
+}
+function extractCostCents(args) {
+  const amount = args["amount"];
+  if (typeof amount !== "number" || !Number.isFinite(amount) || amount <= 0) return 0;
+  return dollarsToCents(amount);
+}
+var LOG_LEVELS = {
+  debug: 0,
+  info: 1,
+  warn: 2,
+  error: 3
+};
+function createLogger(level, output = process.stderr) {
+  const minLevel = LOG_LEVELS[level];
+  function write(logLevel, msg, data) {
+    if (LOG_LEVELS[logLevel] < minLevel) return;
+    const entry = {
+      level: logLevel,
+      time: (/* @__PURE__ */ new Date()).toISOString(),
+      msg,
+      ...data
+    };
+    output.write(JSON.stringify(entry) + "\n");
   }
+  return {
+    debug: (msg, data) => {
+      write("debug", msg, data);
+    },
+    info: (msg, data) => {
+      write("info", msg, data);
+    },
+    warn: (msg, data) => {
+      write("warn", msg, data);
+    },
+    error: (msg, data) => {
+      write("error", msg, data);
+    }
+  };
+}
+function isValidLogLevel(value) {
+  return typeof value === "string" && Object.hasOwn(LOG_LEVELS, value);
 }
 var EXTENSION_BACKUP_FILENAME = "extension-backup.json";
 function getExtensionBackupPath() {
@@ -58,7 +2826,7 @@ async function readExtensionBackup() {
 }
 
 // src/extension/restore.ts
-function isErrnoException(e) {
+function isErrnoException2(e) {
   return typeof e === "object" && e !== null && "code" in e;
 }
 function isRecord2(value) {
@@ -80,7 +2848,7 @@ async function restoreClaudeDesktopMcpFromBackup() {
       root = parsed;
     }
   } catch (error) {
-    if (!isErrnoException(error) || error.code !== "ENOENT") {
+    if (!isErrnoException2(error) || error.code !== "ENOENT") {
       throw error;
     }
   }
@@ -90,30 +2858,322 @@ async function restoreClaudeDesktopMcpFromBackup() {
 }
 
 // bin/multicorn-shield.ts
-async function main() {
-  const arg = process.argv[2];
-  if (arg === "restore") {
-    await restoreClaudeDesktopMcpFromBackup();
-    process.stderr.write(
-      "Restored MCP server entries from ~/.multicorn/extension-backup.json into Claude Desktop config.\nRestart Claude Desktop to apply changes.\n"
-    );
-    return;
+function parseArgs(argv) {
+  const args = argv.slice(2);
+  let subcommand = "help";
+  let wrapCommand = "";
+  let wrapArgs = [];
+  let logLevel = "info";
+  let baseUrl = void 0;
+  let dashboardUrl = "";
+  let agentName = "";
+  let deleteAgentName = "";
+  let apiKey = void 0;
+  for (let i = 0; i < args.length; i++) {
+    const arg = args[i];
+    if (arg === "init") {
+      subcommand = "init";
+    } else if (arg === "agents") {
+      subcommand = "agents";
+    } else if (arg === "delete-agent") {
+      subcommand = "delete-agent";
+      const name = args[i + 1];
+      if (name === void 0 || name.startsWith("-")) {
+        process.stderr.write("Error: delete-agent requires an agent name.\n");
+        process.stderr.write("Example: npx multicorn-shield delete-agent my-agent\n");
+        process.exit(1);
+      }
+      deleteAgentName = name;
+      i++;
+    } else if (arg === "--wrap") {
+      subcommand = "wrap";
+      const tail = args.slice(i + 1);
+      const remaining = [];
+      for (let j = 0; j < tail.length; j++) {
+        const token = tail[j];
+        if (token === void 0) continue;
+        if (remaining.length > 0) {
+          remaining.push(token);
+          continue;
+        }
+        if (token === "--agent-name") {
+          const value = tail[j + 1];
+          if (value !== void 0) {
+            agentName = value;
+            j++;
+          }
+        } else if (token === "--log-level") {
+          const value = tail[j + 1];
+          if (value !== void 0 && isValidLogLevel(value)) {
+            logLevel = value;
+            j++;
+          }
+        } else if (token === "--base-url") {
+          const value = tail[j + 1];
+          if (value !== void 0) {
+            baseUrl = value;
+            j++;
+          }
+        } else if (token === "--dashboard-url") {
+          const value = tail[j + 1];
+          if (value !== void 0) {
+            dashboardUrl = value;
+            j++;
+          }
+        } else if (token === "--api-key") {
+          const value = tail[j + 1];
+          if (value !== void 0) {
+            apiKey = value;
+            j++;
+          }
+        } else {
+          remaining.push(token);
+        }
+      }
+      if (remaining.length === 0) {
+        process.stderr.write("Error: --wrap requires a command to run.\n");
+        process.stderr.write("Example: npx multicorn-shield --wrap my-mcp-server\n");
+        process.exit(1);
+      }
+      wrapCommand = remaining[0] ?? "";
+      wrapArgs = remaining.slice(1);
+      break;
+    } else if (arg === "--log-level") {
+      const next = args[i + 1];
+      if (next !== void 0 && isValidLogLevel(next)) {
+        logLevel = next;
+        i++;
+      }
+    } else if (arg === "--base-url") {
+      const next = args[i + 1];
+      if (next !== void 0) {
+        baseUrl = next;
+        i++;
+      }
+    } else if (arg === "--dashboard-url") {
+      const next = args[i + 1];
+      if (next !== void 0) {
+        dashboardUrl = next;
+        i++;
+      }
+    } else if (arg === "--agent-name") {
+      const next = args[i + 1];
+      if (next !== void 0) {
+        agentName = next;
+        i++;
+      }
+    } else if (arg === "--api-key") {
+      const next = args[i + 1];
+      if (next !== void 0) {
+        apiKey = next;
+        i++;
+      }
+    }
   }
+  return {
+    subcommand,
+    wrapCommand,
+    wrapArgs,
+    logLevel,
+    baseUrl,
+    dashboardUrl,
+    agentName,
+    deleteAgentName,
+    apiKey
+  };
+}
+function printHelp() {
   process.stderr.write(
     [
-      "Multicorn Shield command-line tool",
+      "multicorn-shield: MCP permission proxy and Shield setup",
       "",
       "Usage:",
+      "  npx multicorn-shield init",
+      "      Interactive setup. Saves API key to ~/.multicorn/config.json.",
+      "",
       "  npx multicorn-shield restore",
       "      Restore MCP servers in claude_desktop_config.json from the Shield extension backup.",
+      "",
+      "  npx multicorn-shield agents",
+      "      List configured agents and show which is the default.",
+      "",
+      "  npx multicorn-shield delete-agent <name>",
+      "      Remove a saved agent.",
+      "",
+      "  npx multicorn-shield --wrap <command> [args...]",
+      "      Start <command> as an MCP server and proxy all tool calls through",
+      "      Shield's permission layer.",
+      "",
+      "Options:",
+      "  --api-key <key>       Multicorn API key (overrides MULTICORN_API_KEY env var and config file)",
+      "  --log-level <level>   Log level: debug | info | warn | error  (default: info)",
+      "  --base-url <url>      Multicorn API base URL  (default: https://api.multicorn.ai)",
+      "  --dashboard-url <url> Dashboard URL for consent page  (default: derived from --base-url)",
+      "  --agent-name <name>   Override agent name derived from the wrapped command",
+      "",
+      "Examples:",
+      "  npx multicorn-shield init",
+      "  npx multicorn-shield --wrap npx @modelcontextprotocol/server-filesystem /tmp",
+      "  npx multicorn-shield --wrap my-mcp-server --log-level debug",
       ""
     ].join("\n")
   );
-  process.exit(arg === void 0 || arg === "help" || arg === "--help" ? 0 : 1);
 }
-void main().catch((error) => {
-  const message = error instanceof Error ? error.message : String(error);
-  process.stderr.write(`Error: ${message}
+async function runCli() {
+  const first = process.argv[2];
+  if (first === "restore") {
+    await restoreClaudeDesktopMcpFromBackup();
+    process.stderr.write(
+      "Restored MCP server entries from ~/.multicorn/extension-backup.json into Claude Desktop config.\nRestart Claude Desktop to apply changes.\n"
+    );
+    return;
+  }
+  const cli = parseArgs(process.argv);
+  const logger = createLogger(cli.logLevel);
+  if (cli.subcommand === "help") {
+    printHelp();
+    process.exit(0);
+  }
+  if (cli.subcommand === "init") {
+    await runInit(cli.baseUrl);
+    return;
+  }
+  if (cli.subcommand === "agents") {
+    const config2 = await loadConfig();
+    if (config2 === null) {
+      process.stderr.write(
+        "No config found. Run `npx multicorn-shield init` to set up your API key.\n"
+      );
+      process.exit(1);
+    }
+    const agents = collectAgentsFromConfig(config2);
+    if (agents.length === 0) {
+      process.stderr.write("No agents configured. Run `npx multicorn-shield init` to add one.\n");
+      process.exit(0);
+    }
+    const def = config2.defaultAgent;
+    process.stdout.write("Configured agents:\n");
+    for (const a of agents) {
+      const mark = a.name === def ? " (default)" : "";
+      process.stdout.write(`${a.name} (${a.platform})${mark}
+`);
+    }
+    return;
+  }
+  if (cli.subcommand === "delete-agent") {
+    const safeName = cli.deleteAgentName.replace(/[^\x20-\x7E]/g, "");
+    const ok = await deleteAgentByName(cli.deleteAgentName);
+    if (!ok) {
+      process.stderr.write(`No agent named "${safeName}" in config.
+`);
+      process.exit(1);
+    }
+    process.stdout.write(`Removed agent "${safeName}".
 `);
+    return;
+  }
+  if (cli.baseUrl !== void 0 && cli.baseUrl.length > 0) {
+    if (!isAllowedShieldApiBaseUrl(cli.baseUrl)) {
+      process.stderr.write(
+        "Error: --base-url must use HTTPS. Received a non-HTTPS URL.\nUse https:// or http://localhost for local development.\n"
+      );
+      process.exit(1);
+    }
+  }
+  const config = await resolveWrapConfig(cli, logger);
+  const finalBaseUrl = cli.baseUrl !== void 0 && cli.baseUrl.length > 0 ? cli.baseUrl : config.baseUrl;
+  if (cli.baseUrl === void 0 || cli.baseUrl.length === 0) {
+    if (!isAllowedShieldApiBaseUrl(finalBaseUrl)) {
+      process.stderr.write(
+        "Error: --base-url must use HTTPS. Received a non-HTTPS URL.\nUse https:// or http://localhost for local development.\n"
+      );
+      process.exit(1);
+    }
+  }
+  const agentName = resolveWrapAgentName(cli, config);
+  const finalDashboardUrl = cli.dashboardUrl !== "" ? cli.dashboardUrl : deriveDashboardUrl(finalBaseUrl);
+  const legacyPlatform = config.platform;
+  const platformForServer = typeof legacyPlatform === "string" && legacyPlatform.length > 0 ? legacyPlatform : "other-mcp";
+  const proxy = createProxyServer({
+    command: cli.wrapCommand,
+    commandArgs: cli.wrapArgs,
+    apiKey: config.apiKey,
+    agentName,
+    baseUrl: finalBaseUrl,
+    dashboardUrl: finalDashboardUrl,
+    logger,
+    platform: platformForServer
+  });
+  async function shutdown() {
+    logger.info("Shutting down.");
+    await proxy.stop();
+    process.exit(0);
+  }
+  process.on("SIGTERM", () => {
+    void shutdown();
+  });
+  process.on("SIGINT", () => {
+    void shutdown();
+  });
+  await proxy.start();
+}
+async function resolveWrapConfig(cli, logger) {
+  if (cli.apiKey !== void 0 && cli.apiKey.length > 0) {
+    logger.debug("Using API key from --api-key flag.");
+    return {
+      apiKey: cli.apiKey,
+      baseUrl: cli.baseUrl ?? DEFAULT_SHIELD_API_BASE_URL
+    };
+  }
+  const envKey = process.env["MULTICORN_API_KEY"];
+  if (typeof envKey === "string" && envKey.length > 0) {
+    logger.debug("Using API key from MULTICORN_API_KEY environment variable.");
+    return {
+      apiKey: envKey,
+      baseUrl: cli.baseUrl ?? DEFAULT_SHIELD_API_BASE_URL
+    };
+  }
+  const config = await loadConfig();
+  if (config !== null) {
+    return config;
+  }
+  process.stderr.write(
+    "No API key found. Provide one via the --api-key flag, the MULTICORN_API_KEY environment variable, or run `npx multicorn-shield init` to set up a config file.\n"
+  );
   process.exit(1);
-});
+}
+function resolveWrapAgentName(cli, config) {
+  if (cli.agentName.length > 0) {
+    return cli.agentName;
+  }
+  const legacyPlatform = config.platform;
+  const legacyAgentName = config.agentName;
+  const platformKey = typeof legacyPlatform === "string" && legacyPlatform.length > 0 ? legacyPlatform : "other-mcp";
+  const fromPlatform = getAgentByPlatform(config, platformKey);
+  if (fromPlatform !== void 0) {
+    return fromPlatform.name;
+  }
+  const fallbackDefault = getDefaultAgent(config);
+  if (fallbackDefault !== void 0) {
+    return fallbackDefault.name;
+  }
+  if (typeof legacyAgentName === "string" && legacyAgentName.length > 0) {
+    return legacyAgentName;
+  }
+  return deriveAgentName(cli.wrapCommand);
+}
+function deriveAgentName(command) {
+  const base = command.split("/").pop() ?? command;
+  return base.replace(/\.[cm]?[jt]s$/, "");
+}
+var isDirectRun = process.argv[1] !== void 0 && (import.meta.url.endsWith(process.argv[1]) || import.meta.url === `file://${process.argv[1]}` || import.meta.url.endsWith("/multicorn-shield.js") || import.meta.url.endsWith("/multicorn-shield.ts"));
+if (isDirectRun && process.env["VITEST"] === void 0) {
+  runCli().catch((error) => {
+    const message = error instanceof Error ? error.message : String(error);
+    process.stderr.write(`Fatal error: ${message}
+`);
+    process.exit(1);
+  });
+}
+
+export { parseArgs, resolveWrapConfig, runCli };