multicorn-shield 0.13.0 → 1.1.0

package/dist/multicorn-proxy.js

@@ -1,31 +1,23 @@
 #!/usr/bin/env node
 import { existsSync, statSync } from 'fs';
-import { mkdir, writeFile, readFile, copyFile, chmod, unlink } from 'fs/promises';
-import { join, dirname } from 'path';
+import { readFile, mkdir, writeFile, copyFile, chmod, unlink } from 'fs/promises';
+import { dirname, join } from 'path';
 import { homedir } from 'os';
 import { fileURLToPath } from 'url';
 import { createInterface } from 'readline';
-import { spawn } from 'child_process';
 import { createHash } from 'crypto';
+import { spawn } from 'child_process';
 import 'stream';
 
-var style = {
-  violet: (s) => `\x1B[38;2;124;58;237m${s}\x1B[0m`,
-  violetLight: (s) => `\x1B[38;2;167;139;250m${s}\x1B[0m`,
-  green: (s) => `\x1B[38;2;34;197;94m${s}\x1B[0m`,
-  yellow: (s) => `\x1B[38;2;245;158;11m${s}\x1B[0m`,
-  red: (s) => `\x1B[38;2;239;68;68m${s}\x1B[0m`,
-  cyan: (s) => `\x1B[38;2;6;182;212m${s}\x1B[0m`,
-  bold: (s) => `\x1B[1m${s}\x1B[0m`,
-  dim: (s) => `\x1B[2m${s}\x1B[0m`
+var __defProp = Object.defineProperty;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
 };
-var BANNER = [
-  " \u2588\u2588\u2588 \u2588  \u2588 \u2588 \u2588\u2588\u2588 \u2588   \u2588\u2588\u2584 ",
-  " \u2588   \u2588  \u2588 \u2588 \u2588   \u2588   \u2588  \u2588",
-  " \u2588\u2588\u2588 \u2588\u2588\u2588\u2588 \u2588 \u2588\u2588  \u2588   \u2588  \u2588",
-  "   \u2588 \u2588  \u2588 \u2588 \u2588   \u2588   \u2588  \u2588",
-  " \u2588\u2588\u2588 \u2588  \u2588 \u2588 \u2588\u2588\u2588 \u2588\u2588\u2588 \u2588\u2588\u2580 "
-].map((line) => style.violet(line)).join("\n");
 function withSpinner(message) {
   const frames = ["\u280B", "\u2819", "\u2839", "\u2838", "\u283C", "\u2834", "\u2826", "\u2827", "\u2807", "\u280F"];
   let i = 0;
@@ -43,12 +35,6 @@ function withSpinner(message) {
     }
   };
 }
-var NativePluginPrerequisiteMissingError = class extends Error {
-  constructor() {
-    super("Native plugin prerequisites not met");
-    this.name = "NativePluginPrerequisiteMissingError";
-  }
-};
 function isExistingDirectory(path) {
   try {
     if (!existsSync(path)) return false;
@@ -60,10 +46,6 @@ function isExistingDirectory(path) {
 function nativePluginSkippedSaveNote(wizardCommand, productName) {
   return "\n" + style.dim("Your agent config has been saved. Run ") + style.cyan(wizardCommand) + style.dim(` again after installing ${productName} to complete hook setup.`) + "\n";
 }
-var CONFIG_DIR = join(homedir(), ".multicorn");
-var CONFIG_PATH = join(CONFIG_DIR, "config.json");
-var OPENCLAW_CONFIG_PATH = join(homedir(), ".openclaw", "openclaw.json");
-var ANSI_PATTERN = new RegExp(String.fromCharCode(27) + "\\[[0-9;]*[a-zA-Z]", "g");
 function stripAnsi(str) {
   return str.replace(ANSI_PATTERN, "");
 }
@@ -207,7 +189,6 @@ async function saveConfig(config) {
     mode: 384
   });
 }
-var OPENCLAW_MIN_VERSION = "2026.2.26";
 async function detectOpenClaw() {
   let raw;
   try {
@@ -373,7 +354,8 @@ async function isCursorConnected() {
       const url = rec["url"];
       if (typeof url === "string" && url.includes("multicorn")) return true;
       const args = rec["args"];
-      if (Array.isArray(args) && args.includes("multicorn-proxy")) return true;
+      if (Array.isArray(args) && (args.includes("multicorn-shield") || args.includes("multicorn-proxy")))
+        return true;
     }
     return false;
   } catch (err) {
@@ -452,7 +434,7 @@ async function installWindsurfNativeHooks() {
       "Open Windsurf at least once so this folder exists, or install from:\n  " + style.cyan("https://windsurf.com/download") + "\n\n"
     );
     process.stderr.write("Then run this wizard again:\n");
-    process.stderr.write("  " + style.cyan("npx multicorn-proxy init") + "\n");
+    process.stderr.write("  " + style.cyan("npx multicorn-shield init") + "\n");
     throw new NativePluginPrerequisiteMissingError();
   }
   const installDir = getWindsurfHooksInstallDir();
@@ -770,60 +752,73 @@ function getClaudeDesktopConfigPath() {
       );
   }
 }
-var PLATFORM_LABELS = [
-  "OpenClaw",
-  "Claude Code",
-  "Cursor",
-  "Windsurf",
-  "Cline",
-  "Claude Desktop",
-  "Gemini CLI",
-  "Local MCP / Other"
-];
-var PLATFORM_BY_SELECTION = {
-  1: "openclaw",
-  2: "claude-code",
-  3: "cursor",
-  4: "windsurf",
-  5: "cline",
-  6: "claude-desktop",
-  7: "gemini-cli",
-  8: "other-mcp"
-};
-var DEFAULT_AGENT_NAMES = {
-  openclaw: "my-openclaw-agent",
-  "claude-code": "my-claude-code-agent",
-  cursor: "my-cursor-agent",
-  windsurf: "my-windsurf-agent",
-  cline: "my-cline-agent",
-  "claude-desktop": "my-claude-desktop-agent",
-  "gemini-cli": "my-gemini-cli-agent"
-};
+function platformMenuLabelForSelection(sel) {
+  const slug = PLATFORM_BY_SELECTION[sel];
+  if (slug === void 0) return "Unknown";
+  const entry = INIT_WIZARD_PLATFORM_REGISTRY.find((e) => e.slug === slug);
+  return entry?.displayName ?? slug;
+}
+async function promptHostedProxyInstallPrereq(ask, platformLabel, prereqUrl) {
+  process.stderr.write("\n");
+  process.stderr.write(
+    style.bold("Before continuing, make sure you have ") + platformLabel + style.bold(" installed.") + "\n"
+  );
+  process.stderr.write("  \u2192 " + style.cyan(prereqUrl) + "\n\n");
+  const answer = await ask("Ready to continue? (Y/n) ");
+  return answer.trim().toLowerCase() !== "n";
+}
+function isPlatformDetectedForMenu(slug) {
+  switch (slug) {
+    case "openclaw":
+      return isOpenClawConnected();
+    case "claude-code":
+      return Promise.resolve(isClaudeCodeConnected());
+    case "cursor":
+      return isCursorConnected();
+    case "windsurf":
+      return isWindsurfConnected();
+    default:
+      return Promise.resolve(false);
+  }
+}
 async function promptPlatformSelection(ask) {
   process.stderr.write(
-    "\n" + style.bold(style.violet("Which platform are you connecting?")) + "\n"
+    "\n" + style.bold(style.violet("Which platform are you connecting?")) + "\n\n"
   );
-  const connectedFlags = [
-    await isOpenClawConnected(),
-    isClaudeCodeConnected(),
-    await isCursorConnected(),
-    await isWindsurfConnected()
-  ];
-  for (let i = 0; i < PLATFORM_LABELS.length; i++) {
-    const marker = i < connectedFlags.length && connectedFlags[i] ? " " + style.dim("\u25CF detected locally") : "";
-    process.stderr.write(
-      `  ${style.violet(String(i + 1))}. ${PLATFORM_LABELS[i] ?? ""}${marker}
+  const detectionSlugs = INIT_WIZARD_PLATFORM_REGISTRY.filter((e) => e.detectable).map(
+    (e) => e.slug
+  );
+  const connectedFlags = await Promise.all(
+    detectionSlugs.map((slug) => isPlatformDetectedForMenu(slug))
+  );
+  function markerFor(platform) {
+    const idx = detectionSlugs.indexOf(platform);
+    if (idx === -1) return "";
+    if (!connectedFlags[idx]) return "";
+    return " " + style.dim("\u25CF detected locally");
+  }
+  let optionNum = 1;
+  for (const section of INIT_WIZARD_MENU_SECTIONS) {
+    process.stderr.write("  " + style.dim(section.title) + "\n");
+    for (const item of section.items) {
+      const indent = optionNum >= 10 ? "   " : "    ";
+      process.stderr.write(
+        `${indent}${style.violet(String(optionNum))}. ${item.label}${markerFor(item.platform)}
 `
-    );
+      );
+      optionNum++;
+    }
   }
   process.stderr.write(
-    style.dim("     Pick 8 if you want to wrap a local MCP server with multicorn-proxy --wrap.") + "\n"
+    "\n" + style.dim(
+      `  Pick ${String(INIT_WIZARD_SELECTION_MAX)} to wrap a local MCP server with multicorn-shield --wrap.`
+    ) + "\n"
   );
   let selection = 0;
   while (selection === 0) {
-    const input = await ask("Select (1-8): ");
+    const input = await ask(`Select (1-${String(INIT_WIZARD_SELECTION_MAX)}): `);
     const num = parseInt(input.trim(), 10);
-    if (num >= 1 && num <= 8) {
+    if (num >= 1 && num <= INIT_WIZARD_SELECTION_MAX) {
       selection = num;
     }
   }
@@ -894,12 +889,7 @@ async function promptProxyConfig(ask, agentName) {
     }
     targetUrl = input.trim();
   }
-  const defaultShortName = normalizeAgentName(agentName) || "shield-mcp";
-  const shortNameInput = await ask(
-    `
-Short name (a nickname for this connection, used in your proxy URL): ${style.dim(`(${defaultShortName})`)} `
-  );
-  const shortName = shortNameInput.trim().length > 0 ? normalizeAgentName(shortNameInput.trim()) || defaultShortName : defaultShortName;
+  const shortName = normalizeAgentName(agentName) || "shield-mcp";
   return { targetUrl, shortName };
 }
 async function createProxyConfig(baseUrl, apiKey, agentName, targetUrl, serverName, platform) {
@@ -943,24 +933,84 @@ async function createProxyConfig(baseUrl, apiKey, agentName, targetUrl, serverNa
   const data = envelope["data"];
   return typeof data?.["proxy_url"] === "string" ? data["proxy_url"] : "";
 }
+function gooseHostedProxyYaml(shortName, proxyUrl, bearerHeader) {
+  return `extensions:
+  ${shortName}:
+    type: streamable_http
+    url: ${proxyUrl}
+    headers:
+      Authorization: ${bearerHeader}
+    enabled: true
+    timeout: 300
+`;
+}
 function printPlatformSnippet(platform, routingToken, shortName, apiKey) {
-  const usesInlineKey = platform === "cursor" || platform === "claude-desktop" || platform === "windsurf" || platform === "cline" || platform === "gemini-cli";
+  const hostedInlinePlatforms = /* @__PURE__ */ new Set([
+    "cursor",
+    "claude-desktop",
+    "windsurf",
+    "cline",
+    "gemini-cli",
+    "kilo-code",
+    "github-copilot",
+    "continue-dev",
+    "goose"
+  ]);
+  const usesInlineKey = hostedInlinePlatforms.has(platform);
   const authHeader = usesInlineKey ? `Bearer ${apiKey}` : "Bearer YOUR_SHIELD_API_KEY";
-  const urlKey = platform === "windsurf" ? "serverUrl" : platform === "gemini-cli" ? "httpUrl" : "url";
-  const mcpSnippet = JSON.stringify(
-    {
-      mcpServers: {
-        [shortName]: {
-          [urlKey]: routingToken,
-          headers: {
-            Authorization: authHeader
+  let snippetText;
+  if (platform === "github-copilot") {
+    snippetText = JSON.stringify(
+      {
+        mcp: {
+          servers: {
+            [shortName]: {
+              type: "http",
+              url: routingToken,
+              headers: {
+                Authorization: authHeader
+              }
+            }
           }
         }
-      }
-    },
-    null,
-    2
-  );
+      },
+      null,
+      2
+    );
+  } else if (platform === "goose") {
+    snippetText = gooseHostedProxyYaml(shortName, routingToken, authHeader);
+  } else if (platform === "gemini-cli") {
+    snippetText = JSON.stringify(
+      {
+        mcpServers: {
+          [shortName]: {
+            httpUrl: routingToken,
+            headers: {
+              Authorization: authHeader
+            }
+          }
+        }
+      },
+      null,
+      2
+    );
+  } else {
+    const urlKey = platform === "windsurf" ? "serverUrl" : "url";
+    snippetText = JSON.stringify(
+      {
+        mcpServers: {
+          [shortName]: {
+            [urlKey]: routingToken,
+            headers: {
+              Authorization: authHeader
+            }
+          }
+        }
+      },
+      null,
+      2
+    );
+  }
   if (platform === "openclaw") {
     process.stderr.write("\n" + style.dim("Add this to your OpenClaw agent config:") + "\n\n");
   } else if (platform === "claude-code") {
@@ -994,10 +1044,28 @@ function printPlatformSnippet(platform, routingToken, shortName, apiKey) {
         "Add this to ~/.gemini/settings.json (create the file if it does not exist). For project-specific config, use .gemini/settings.json in your project root. Restart Gemini CLI after saving. Run /mcp to verify the server is connected."
       ) + "\n\n"
     );
+  } else if (platform === "kilo-code") {
+    process.stderr.write(
+      "\n" + style.dim("Add this to .kilocode/mcp.json in your project root.") + "\n\n"
+    );
+  } else if (platform === "github-copilot") {
+    process.stderr.write(
+      "\n" + style.dim(
+        "Open VS Code Settings (JSON) and merge this under the mcp key. If you do not have an mcp section yet, add one. Copilot picks up MCP servers when you use Agent mode."
+      ) + "\n\n"
+    );
+  } else if (platform === "continue-dev") {
+    process.stderr.write(
+      "\n" + style.dim("Save this as .continue/mcpServers/shield.json in your workspace root.") + "\n\n"
+    );
+  } else if (platform === "goose") {
+    process.stderr.write(
+      "\n" + style.dim("Add this to ~/.config/goose/config.yaml under the extensions key.") + "\n\n"
+    );
   } else {
     process.stderr.write("\n" + style.dim("Add this to ~/.cursor/mcp.json:") + "\n\n");
   }
-  process.stderr.write(style.cyan(mcpSnippet) + "\n\n");
+  process.stderr.write(style.cyan(snippetText) + "\n\n");
   if (!usesInlineKey) {
     process.stderr.write(
       style.dim(
@@ -1035,8 +1103,15 @@ function printPlatformSnippet(platform, routingToken, shortName, apiKey) {
       ) + "\n"
     );
   }
+  if (platform === "github-copilot" || platform === "continue-dev") {
+    process.stderr.write(
+      style.dim("Reload the editor window if the MCP server does not appear immediately.") + "\n"
+    );
+  }
+  if (platform === "goose") {
+    process.stderr.write(style.dim("Start a new Goose session after updating config.") + "\n");
+  }
 }
-var DEFAULT_SHIELD_API_BASE_URL = "https://api.multicorn.ai";
 async function runInit(explicitBaseUrl) {
   if (!process.stdin.isTTY) {
     process.stderr.write(
@@ -1124,8 +1199,8 @@ async function runInit(explicitBaseUrl) {
     let postSaveNativeSkipNote = null;
     const selection = await promptPlatformSelection(ask);
     const selectedPlatform = PLATFORM_BY_SELECTION[selection] ?? "cursor";
-    const selectedLabel = PLATFORM_LABELS[selection - 1] ?? "Cursor";
-    if (selection === 8) {
+    const selectedLabel = platformMenuLabelForSelection(selection);
+    if (selectedPlatform === "other-mcp") {
       const raw = existing !== null ? { ...existing } : {};
       raw["apiKey"] = apiKey;
       raw["baseUrl"] = resolvedBaseUrl;
@@ -1140,7 +1215,7 @@ async function runInit(explicitBaseUrl) {
         );
         process.stderr.write(
           "\n" + style.bold("Try it:") + " " + style.cyan(
-            "npx multicorn-proxy --wrap npx @modelcontextprotocol/server-filesystem /tmp"
+            "npx multicorn-shield --wrap npx @modelcontextprotocol/server-filesystem /tmp"
           ) + "\n"
         );
       } catch (error) {
@@ -1175,9 +1250,24 @@ An agent for ${selectedLabel} already exists: ${style.cyan(existingForPlatform.n
         continue;
       }
     }
+    const prereqEntry = INIT_WIZARD_PLATFORM_REGISTRY.find((e) => e.slug === selectedPlatform);
+    if (prereqEntry?.prereqUrl !== void 0) {
+      const proceed = await promptHostedProxyInstallPrereq(
+        ask,
+        prereqEntry.displayName,
+        prereqEntry.prereqUrl
+      );
+      if (!proceed) {
+        const another2 = await ask("\nConnect another agent? (Y/n) ");
+        if (another2.trim().toLowerCase() === "n") {
+          configuring = false;
+        }
+        continue;
+      }
+    }
     const agentName = await promptAgentName(ask, selectedPlatform);
     let setupSucceeded = false;
-    if (selection === 1) {
+    if (selectedPlatform === "openclaw") {
       let detection;
       try {
         detection = await detectOpenClaw();
@@ -1190,7 +1280,7 @@ An agent for ${selectedLabel} already exists: ${style.cyan(existingForPlatform.n
       }
       if (detection.status === "not-found") {
         process.stderr.write(
-          style.red("\u2717") + " OpenClaw is not installed. Install OpenClaw first, then run npx multicorn-proxy init again.\n"
+          style.red("\u2717") + " OpenClaw is not installed. Install OpenClaw first, then run npx multicorn-shield init again.\n"
         );
         rl.close();
         return null;
@@ -1257,7 +1347,7 @@ An agent for ${selectedLabel} already exists: ${style.cyan(existingForPlatform.n
         agentName
       });
       setupSucceeded = true;
-    } else if (selection === 2) {
+    } else if (selectedPlatform === "claude-code") {
       process.stderr.write("\nTo connect Claude Code to Shield:\n\n");
       process.stderr.write(
         "  " + style.bold("Step 1") + " - Add the Multicorn marketplace:\n    " + style.cyan("claude plugin marketplace add Multicorn-AI/multicorn-shield") + "\n\n"
@@ -1275,7 +1365,7 @@ An agent for ${selectedLabel} already exists: ${style.cyan(existingForPlatform.n
         agentName
       });
       setupSucceeded = true;
-    } else if (selection === 4) {
+    } else if (selectedPlatform === "windsurf") {
       const windsurfMode = await promptWindsurfIntegrationMode(ask);
       if (windsurfMode === "native") {
         try {
@@ -1306,7 +1396,7 @@ An agent for ${selectedLabel} already exists: ${style.cyan(existingForPlatform.n
         } catch (error) {
           if (error instanceof NativePluginPrerequisiteMissingError) {
             postSaveNativeSkipNote = nativePluginSkippedSaveNote(
-              "npx multicorn-proxy init",
+              "npx multicorn-shield init",
               "Windsurf"
             );
             configuredAgents.push({
@@ -1363,7 +1453,7 @@ An agent for ${selectedLabel} already exists: ${style.cyan(existingForPlatform.n
           setupSucceeded = true;
         }
       }
-    } else if (selection === 7) {
+    } else if (selectedPlatform === "gemini-cli") {
       const geminiMode = await promptGeminiCliIntegrationMode(ask);
       if (geminiMode === "native") {
         try {
@@ -1448,7 +1538,7 @@ An agent for ${selectedLabel} already exists: ${style.cyan(existingForPlatform.n
           setupSucceeded = true;
         }
       }
-    } else if (selection === 5) {
+    } else if (selectedPlatform === "cline") {
       const clineMode = await promptClineIntegrationMode(ask);
       if (clineMode === "native") {
         try {
@@ -1634,6 +1724,26 @@ An agent for ${selectedLabel} already exists: ${style.cyan(existingForPlatform.n
         "\n" + style.bold("To complete your Cursor setup:") + "\n  1. If you don't have Cursor yet, download it from " + style.cyan("https://cursor.com/downloads") + "\n  2. Open " + style.cyan("~/.cursor/mcp.json") + " and paste the config snippet shown above\n  3. Restart Cursor (or launch it for the first time) to load the new MCP server\n"
       );
     }
+    if (configuredPlatforms.has("kilo-code")) {
+      blocks.push(
+        "\n" + style.bold("To complete your Kilo Code setup:") + "\n  1. Save the snippet to " + style.cyan(".kilocode/mcp.json") + " in your project root, or under the mcp key in " + style.cyan("kilo.jsonc") + "\n  2. Run your next task in Kilo Code so it picks up the MCP server\n"
+      );
+    }
+    if (configuredPlatforms.has("github-copilot")) {
+      blocks.push(
+        "\n" + style.bold("GitHub Copilot MCP:") + "\n  1. Open VS Code Command Palette: Preferences: Open User Settings (JSON)\n  2. Merge the snippet under the " + style.cyan("mcp") + " key and save\n  3. Use Copilot Agent mode and verify the MCP server connects\n"
+      );
+    }
+    if (configuredPlatforms.has("continue-dev")) {
+      blocks.push(
+        "\n" + style.bold("Continue MCP:") + "\n  1. If you don't have Continue yet, install from " + style.cyan("https://docs.continue.dev/ide-extensions/install") + "\n  2. Save JSON as " + style.cyan(".continue/mcpServers/shield.json") + " in your workspace, or add to " + style.cyan("~/.continue/config.yaml") + "\n  3. Reload VS Code and open Continue agent mode\n"
+      );
+    }
+    if (configuredPlatforms.has("goose")) {
+      blocks.push(
+        "\n" + style.bold("Goose MCP extension:") + "\n  1. Edit " + style.cyan("~/.config/goose/config.yaml") + " (or use goose configure)\n  2. Restart Goose CLI or Desktop\n"
+      );
+    }
     const windsurfNativeConfigured = configuredAgents.some(
       (a) => a.platform === "windsurf" && a.windsurfIntegration === "native"
     );
@@ -1689,22 +1799,144 @@ An agent for ${selectedLabel} already exists: ${style.cyan(existingForPlatform.n
   }
   return lastConfig;
 }
+var style, BANNER, NativePluginPrerequisiteMissingError, CONFIG_DIR, CONFIG_PATH, OPENCLAW_CONFIG_PATH, ANSI_PATTERN, OPENCLAW_MIN_VERSION, INIT_WIZARD_PLATFORM_REGISTRY, INIT_WIZARD_MENU_SECTIONS, INIT_WIZARD_SELECTION_MAX, PLATFORM_BY_SELECTION, DEFAULT_AGENT_NAMES, DEFAULT_SHIELD_API_BASE_URL;
+var init_config = __esm({
+  "src/proxy/config.ts"() {
+    style = {
+      violet: (s) => `\x1B[38;2;124;58;237m${s}\x1B[0m`,
+      violetLight: (s) => `\x1B[38;2;167;139;250m${s}\x1B[0m`,
+      green: (s) => `\x1B[38;2;34;197;94m${s}\x1B[0m`,
+      yellow: (s) => `\x1B[38;2;245;158;11m${s}\x1B[0m`,
+      red: (s) => `\x1B[38;2;239;68;68m${s}\x1B[0m`,
+      cyan: (s) => `\x1B[38;2;6;182;212m${s}\x1B[0m`,
+      bold: (s) => `\x1B[1m${s}\x1B[0m`,
+      dim: (s) => `\x1B[2m${s}\x1B[0m`
+    };
+    BANNER = [
+      " \u2588\u2588\u2588 \u2588  \u2588 \u2588 \u2588\u2588\u2588 \u2588   \u2588\u2588\u2584 ",
+      " \u2588   \u2588  \u2588 \u2588 \u2588   \u2588   \u2588  \u2588",
+      " \u2588\u2588\u2588 \u2588\u2588\u2588\u2588 \u2588 \u2588\u2588  \u2588   \u2588  \u2588",
+      "   \u2588 \u2588  \u2588 \u2588 \u2588   \u2588   \u2588  \u2588",
+      " \u2588\u2588\u2588 \u2588  \u2588 \u2588 \u2588\u2588\u2588 \u2588\u2588\u2588 \u2588\u2588\u2580 "
+    ].map((line) => style.violet(line)).join("\n");
+    NativePluginPrerequisiteMissingError = class extends Error {
+      constructor() {
+        super("Native plugin prerequisites not met");
+        this.name = "NativePluginPrerequisiteMissingError";
+      }
+    };
+    CONFIG_DIR = join(homedir(), ".multicorn");
+    CONFIG_PATH = join(CONFIG_DIR, "config.json");
+    OPENCLAW_CONFIG_PATH = join(homedir(), ".openclaw", "openclaw.json");
+    ANSI_PATTERN = new RegExp(String.fromCharCode(27) + "\\[[0-9;]*[a-zA-Z]", "g");
+    OPENCLAW_MIN_VERSION = "2026.2.26";
+    INIT_WIZARD_PLATFORM_REGISTRY = [
+      { slug: "openclaw", displayName: "OpenClaw", section: "native", detectable: true },
+      { slug: "claude-code", displayName: "Claude Code", section: "native", detectable: true },
+      { slug: "windsurf", displayName: "Windsurf", section: "native", detectable: true },
+      { slug: "cline", displayName: "Cline", section: "native", detectable: false },
+      { slug: "gemini-cli", displayName: "Gemini CLI", section: "native", detectable: false },
+      {
+        slug: "cursor",
+        displayName: "Cursor",
+        section: "hosted",
+        prereqUrl: "https://www.cursor.com/downloads",
+        detectable: true
+      },
+      {
+        slug: "claude-desktop",
+        displayName: "Claude Desktop",
+        section: "hosted",
+        prereqUrl: "https://claude.ai/download",
+        detectable: false
+      },
+      {
+        slug: "github-copilot",
+        displayName: "GitHub Copilot",
+        section: "hosted",
+        prereqUrl: "https://docs.github.com/en/copilot/get-started",
+        detectable: false
+      },
+      {
+        slug: "kilo-code",
+        displayName: "Kilo Code",
+        section: "hosted",
+        prereqUrl: "https://kilocode.ai/docs/getting-started",
+        detectable: false
+      },
+      {
+        slug: "continue-dev",
+        displayName: "Continue",
+        section: "hosted",
+        prereqUrl: "https://docs.continue.dev/ide-extensions/install",
+        detectable: false
+      },
+      {
+        slug: "goose",
+        displayName: "Goose",
+        section: "hosted",
+        prereqUrl: "https://goose-docs.ai/docs/quickstart/",
+        detectable: false
+      },
+      { slug: "other-mcp", displayName: "Local MCP / Other", section: "hosted", detectable: false }
+    ];
+    INIT_WIZARD_MENU_SECTIONS = (() => {
+      const itemsFor = (section) => INIT_WIZARD_PLATFORM_REGISTRY.filter((e) => e.section === section).map((e) => ({
+        platform: e.slug,
+        label: e.displayName
+      }));
+      return [
+        { title: "Recommended (native plugin)", items: itemsFor("native") },
+        { title: "Hosted proxy (MCP only)", items: itemsFor("hosted") }
+      ];
+    })();
+    INIT_WIZARD_SELECTION_MAX = INIT_WIZARD_PLATFORM_REGISTRY.length;
+    PLATFORM_BY_SELECTION = Object.fromEntries(
+      INIT_WIZARD_PLATFORM_REGISTRY.map((e, i) => [i + 1, e.slug])
+    );
+    DEFAULT_AGENT_NAMES = {
+      openclaw: "my-openclaw-agent",
+      "claude-code": "my-claude-code-agent",
+      cursor: "my-cursor-agent",
+      windsurf: "my-windsurf-agent",
+      cline: "my-cline-agent",
+      "claude-desktop": "my-claude-desktop-agent",
+      "gemini-cli": "my-gemini-cli-agent",
+      "kilo-code": "my-kilo-code-agent",
+      "github-copilot": "my-github-copilot-agent",
+      "continue-dev": "my-continue-agent",
+      goose: "my-goose-agent"
+    };
+    DEFAULT_SHIELD_API_BASE_URL = "https://api.multicorn.ai";
+  }
+});
 
 // src/types/index.ts
-var PERMISSION_LEVELS = {
-  Read: "read",
-  Write: "write",
-  Execute: "execute",
-  Publish: "publish",
-  Create: "create"
-};
+var PERMISSION_LEVELS;
+var init_types = __esm({
+  "src/types/index.ts"() {
+    PERMISSION_LEVELS = {
+      Read: "read",
+      Write: "write",
+      Execute: "execute",
+      Publish: "publish",
+      Create: "create"
+    };
+  }
+});
 
 // src/scopes/scope-parser.ts
-var VALID_PERMISSION_LEVELS = new Set(Object.values(PERMISSION_LEVELS));
-[...VALID_PERMISSION_LEVELS].join(", ");
 function formatScope(scope) {
   return `${scope.permissionLevel}:${scope.service}`;
 }
+var VALID_PERMISSION_LEVELS;
+var init_scope_parser = __esm({
+  "src/scopes/scope-parser.ts"() {
+    init_types();
+    VALID_PERMISSION_LEVELS = new Set(Object.values(PERMISSION_LEVELS));
+    [...VALID_PERMISSION_LEVELS].join(", ");
+  }
+});
 
 // src/scopes/scope-validator.ts
 function validateScopeAccess(grantedScopes, requested) {
@@ -1732,6 +1964,11 @@ function hasScope(grantedScopes, requested) {
     (granted) => granted.service === requested.service && granted.permissionLevel === requested.permissionLevel
   );
 }
+var init_scope_validator = __esm({
+  "src/scopes/scope-validator.ts"() {
+    init_scope_parser();
+  }
+});
 
 // src/logger/action-logger.ts
 function createActionLogger(config) {
@@ -1905,6 +2142,10 @@ function createActionLogger(config) {
 function sleep(ms) {
   return new Promise((resolve) => setTimeout(resolve, ms));
 }
+var init_action_logger = __esm({
+  "src/logger/action-logger.ts"() {
+  }
+});
 
 // src/spending/spending-checker.ts
 function createSpendingChecker(config) {
@@ -2037,13 +2278,12 @@ function validateLimits(limits) {
 function dollarsToCents(dollars) {
   return Math.round(dollars * 100);
 }
+var init_spending_checker = __esm({
+  "src/spending/spending-checker.ts"() {
+  }
+});
 
 // src/proxy/interceptor.ts
-var BLOCKED_ERROR_CODE = -32e3;
-var SPENDING_BLOCKED_ERROR_CODE = -32001;
-var INTERNAL_ERROR_CODE = -32002;
-var SERVICE_UNREACHABLE_ERROR_CODE = -32003;
-var AUTH_ERROR_CODE = -32004;
 function parseJsonRpcLine(line) {
   const trimmed = line.trim();
   if (trimmed.length === 0) return null;
@@ -2111,7 +2351,7 @@ function buildServiceUnreachableResponse(id, dashboardUrl) {
   };
 }
 function buildAuthErrorResponse(id) {
-  const message = "Action blocked: Shield API key is invalid or has been revoked. Run npx multicorn-proxy init to reconfigure.";
+  const message = "Action blocked: Shield API key is invalid or has been revoked. Run npx multicorn-shield init to reconfigure.";
   return {
     jsonrpc: "2.0",
     id,
@@ -2143,9 +2383,16 @@ function capitalize(str) {
   const first = str[0];
   return first !== void 0 ? first.toUpperCase() + str.slice(1) : str;
 }
-var MULTICORN_DIR = join(homedir(), ".multicorn");
-var SCOPES_PATH = join(MULTICORN_DIR, "scopes.json");
-var CACHE_META_PATH = join(MULTICORN_DIR, "cache-meta.json");
+var BLOCKED_ERROR_CODE, SPENDING_BLOCKED_ERROR_CODE, INTERNAL_ERROR_CODE, SERVICE_UNREACHABLE_ERROR_CODE, AUTH_ERROR_CODE;
+var init_interceptor = __esm({
+  "src/proxy/interceptor.ts"() {
+    BLOCKED_ERROR_CODE = -32e3;
+    SPENDING_BLOCKED_ERROR_CODE = -32001;
+    INTERNAL_ERROR_CODE = -32002;
+    SERVICE_UNREACHABLE_ERROR_CODE = -32003;
+    AUTH_ERROR_CODE = -32004;
+  }
+});
 function cacheKey(agentName, apiKey) {
   return createHash("sha256").update(`${agentName}:${apiKey}`).digest("hex").slice(0, 16);
 }
@@ -2216,10 +2463,14 @@ async function saveCachedScopes(agentName, agentId, scopes, apiKey) {
 function isScopesCacheFile(value) {
   return typeof value === "object" && value !== null;
 }
-
-// src/proxy/consent.ts
-var CONSENT_POLL_INTERVAL_MS = 3e3;
-var CONSENT_POLL_TIMEOUT_MS = 5 * 60 * 1e3;
+var MULTICORN_DIR, SCOPES_PATH, CACHE_META_PATH;
+var init_scope_cache = __esm({
+  "src/openclaw/scope-cache.ts"() {
+    MULTICORN_DIR = join(homedir(), ".multicorn");
+    SCOPES_PATH = join(MULTICORN_DIR, "scopes.json");
+    CACHE_META_PATH = join(MULTICORN_DIR, "cache-meta.json");
+  }
+});
 function deriveDashboardUrl(baseUrl) {
   try {
     const url = new URL(baseUrl);
@@ -2244,13 +2495,6 @@ function deriveDashboardUrl(baseUrl) {
     return "https://app.multicorn.ai";
   }
 }
-var ShieldAuthError = class _ShieldAuthError extends Error {
-  constructor(message) {
-    super(message);
-    this.name = "ShieldAuthError";
-    Object.setPrototypeOf(this, _ShieldAuthError.prototype);
-  }
-};
 async function findAgentByName(agentName, apiKey, baseUrl) {
   let response;
   try {
@@ -2443,13 +2687,25 @@ function isPermissionShape(value) {
   const obj = value;
   return typeof obj["service"] === "string" && typeof obj["read"] === "boolean" && typeof obj["write"] === "boolean" && typeof obj["execute"] === "boolean" && (obj["revoked_at"] === null || obj["revoked_at"] === void 0 || typeof obj["revoked_at"] === "string");
 }
-
-// src/proxy/index.ts
-var DEFAULT_SCOPE_REFRESH_INTERVAL_MS = 6e4;
+var CONSENT_POLL_INTERVAL_MS, CONSENT_POLL_TIMEOUT_MS, ShieldAuthError;
+var init_consent = __esm({
+  "src/proxy/consent.ts"() {
+    init_scope_cache();
+    CONSENT_POLL_INTERVAL_MS = 3e3;
+    CONSENT_POLL_TIMEOUT_MS = 5 * 60 * 1e3;
+    ShieldAuthError = class _ShieldAuthError extends Error {
+      constructor(message) {
+        super(message);
+        this.name = "ShieldAuthError";
+        Object.setPrototypeOf(this, _ShieldAuthError.prototype);
+      }
+    };
+  }
+});
 function createProxyServer(config) {
   if (!config.baseUrl.startsWith("https://") && !config.baseUrl.startsWith("http://localhost") && !config.baseUrl.startsWith("http://127.0.0.1")) {
     throw new Error(
-      `[multicorn-proxy] Base URL must use HTTPS. Received: "${config.baseUrl}". Use https:// or http://localhost for local development.`
+      `[multicorn-shield] Base URL must use HTTPS. Received: "${config.baseUrl}". Use https:// or http://localhost for local development.`
     );
   }
   let child = null;
@@ -2546,7 +2802,7 @@ function createProxyServer(config) {
           if (actionLogger !== null) {
             if (!config.agentName || config.agentName.trim().length === 0) {
               process.stderr.write(
-                "[multicorn-proxy] Cannot log action: agent name not resolved\n"
+                "[multicorn-shield] Cannot log action: agent name not resolved\n"
               );
             } else {
               config.logger.debug("Logging blocked action (post-consent).", {
@@ -2576,7 +2832,7 @@ function createProxyServer(config) {
             if (actionLogger !== null) {
               if (!config.agentName || config.agentName.trim().length === 0) {
                 process.stderr.write(
-                  "[multicorn-proxy] Cannot log action: agent name not resolved\n"
+                  "[multicorn-shield] Cannot log action: agent name not resolved\n"
                 );
               } else {
                 config.logger.debug("Logging blocked action (spending).", {
@@ -2605,7 +2861,7 @@ function createProxyServer(config) {
       }
       if (actionLogger !== null) {
         if (!config.agentName || config.agentName.trim().length === 0) {
-          process.stderr.write("[multicorn-proxy] Cannot log action: agent name not resolved\n");
+          process.stderr.write("[multicorn-shield] Cannot log action: agent name not resolved\n");
         } else {
           config.logger.debug("Logging approved action.", {
             agent: config.agentName,
@@ -2687,7 +2943,7 @@ function createProxyServer(config) {
         agent: config.agentName
       });
       process.stderr.write(
-        "\nError: API key was rejected by the Multicorn service.\nCheck your key at https://app.multicorn.ai/settings#api-keys or run `npx multicorn-proxy init` to reconfigure.\n\n"
+        "\nError: API key was rejected by the Multicorn service.\nCheck your key at https://app.multicorn.ai/settings#api-keys or run `npx multicorn-shield init` to reconfigure.\n\n"
       );
       throw new Error("API key was rejected by the Multicorn service.");
     }
@@ -2760,12 +3016,17 @@ function extractCostCents(args) {
   if (typeof amount !== "number" || !Number.isFinite(amount) || amount <= 0) return 0;
   return dollarsToCents(amount);
 }
-var LOG_LEVELS = {
-  debug: 0,
-  info: 1,
-  warn: 2,
-  error: 3
-};
+var DEFAULT_SCOPE_REFRESH_INTERVAL_MS;
+var init_proxy = __esm({
+  "src/proxy/index.ts"() {
+    init_scope_validator();
+    init_action_logger();
+    init_spending_checker();
+    init_interceptor();
+    init_consent();
+    DEFAULT_SCOPE_REFRESH_INTERVAL_MS = 6e4;
+  }
+});
 function createLogger(level, output = process.stderr) {
   const minLevel = LOG_LEVELS[level];
   function write(logLevel, msg, data) {
@@ -2796,8 +3057,93 @@ function createLogger(level, output = process.stderr) {
 function isValidLogLevel(value) {
   return typeof value === "string" && Object.hasOwn(LOG_LEVELS, value);
 }
+var LOG_LEVELS;
+var init_logger = __esm({
+  "src/proxy/logger.ts"() {
+    LOG_LEVELS = {
+      debug: 0,
+      info: 1,
+      warn: 2,
+      error: 3
+    };
+  }
+});
+function getExtensionBackupPath() {
+  return join(homedir(), ".multicorn", EXTENSION_BACKUP_FILENAME);
+}
+function isRecord(value) {
+  return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+async function readExtensionBackup() {
+  try {
+    const raw = await readFile(getExtensionBackupPath(), "utf8");
+    const parsed = JSON.parse(raw);
+    if (!isRecord(parsed)) return null;
+    if (parsed["version"] !== 1) return null;
+    if (typeof parsed["createdAt"] !== "string") return null;
+    if (typeof parsed["claudeDesktopConfigPath"] !== "string") return null;
+    const mcpServers = parsed["mcpServers"];
+    if (!isRecord(mcpServers)) return null;
+    return {
+      version: 1,
+      createdAt: parsed["createdAt"],
+      claudeDesktopConfigPath: parsed["claudeDesktopConfigPath"],
+      mcpServers
+    };
+  } catch {
+    return null;
+  }
+}
+var EXTENSION_BACKUP_FILENAME;
+var init_config_reader = __esm({
+  "src/extension/config-reader.ts"() {
+    EXTENSION_BACKUP_FILENAME = "extension-backup.json";
+  }
+});
+function isErrnoException2(e) {
+  return typeof e === "object" && e !== null && "code" in e;
+}
+function isRecord2(value) {
+  return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+async function restoreClaudeDesktopMcpFromBackup() {
+  const backup = await readExtensionBackup();
+  if (backup === null) {
+    throw new Error(
+      "No Shield extension backup found. Expected ~/.multicorn/extension-backup.json from a previous Shield Desktop Extension session."
+    );
+  }
+  const configPath = getClaudeDesktopConfigPath();
+  let root = {};
+  try {
+    const raw = await readFile(configPath, "utf8");
+    const parsed = JSON.parse(raw);
+    if (isRecord2(parsed)) {
+      root = parsed;
+    }
+  } catch (error) {
+    if (!isErrnoException2(error) || error.code !== "ENOENT") {
+      throw error;
+    }
+  }
+  root["mcpServers"] = backup.mcpServers;
+  await mkdir(dirname(configPath), { recursive: true });
+  await writeFile(configPath, JSON.stringify(root, null, 2) + "\n", { encoding: "utf8" });
+}
+var init_restore = __esm({
+  "src/extension/restore.ts"() {
+    init_config();
+    init_config_reader();
+  }
+});
 
-// bin/multicorn-proxy.ts
+// bin/multicorn-shield.ts
+var multicorn_shield_exports = {};
+__export(multicorn_shield_exports, {
+  parseArgs: () => parseArgs,
+  resolveWrapConfig: () => resolveWrapConfig,
+  runCli: () => runCli
+});
 function parseArgs(argv) {
   const args = argv.slice(2);
   let subcommand = "help";
@@ -2820,7 +3166,7 @@ function parseArgs(argv) {
       const name = args[i + 1];
       if (name === void 0 || name.startsWith("-")) {
         process.stderr.write("Error: delete-agent requires an agent name.\n");
-        process.stderr.write("Example: npx multicorn-proxy delete-agent my-agent\n");
+        process.stderr.write("Example: npx multicorn-shield delete-agent my-agent\n");
         process.exit(1);
       }
       deleteAgentName = name;
@@ -2872,7 +3218,7 @@ function parseArgs(argv) {
       }
       if (remaining.length === 0) {
         process.stderr.write("Error: --wrap requires a command to run.\n");
-        process.stderr.write("Example: npx multicorn-proxy --wrap my-mcp-server\n");
+        process.stderr.write("Example: npx multicorn-shield --wrap my-mcp-server\n");
         process.exit(1);
       }
       wrapCommand = remaining[0] ?? "";
@@ -2925,19 +3271,22 @@ function parseArgs(argv) {
 function printHelp() {
   process.stderr.write(
     [
-      "multicorn-proxy: MCP permission proxy",
+      "multicorn-shield: MCP permission proxy and Shield setup",
       "",
       "Usage:",
-      "  npx multicorn-proxy init",
+      "  npx multicorn-shield init",
       "      Interactive setup. Saves API key to ~/.multicorn/config.json.",
       "",
-      "  npx multicorn-proxy agents",
+      "  npx multicorn-shield restore",
+      "      Restore MCP servers in claude_desktop_config.json from the Shield extension backup.",
+      "",
+      "  npx multicorn-shield agents",
       "      List configured agents and show which is the default.",
       "",
-      "  npx multicorn-proxy delete-agent <name>",
+      "  npx multicorn-shield delete-agent <name>",
       "      Remove a saved agent.",
       "",
-      "  npx multicorn-proxy --wrap <command> [args...]",
+      "  npx multicorn-shield --wrap <command> [args...]",
       "      Start <command> as an MCP server and proxy all tool calls through",
       "      Shield's permission layer.",
       "",
@@ -2949,14 +3298,22 @@ function printHelp() {
       "  --agent-name <name>   Override agent name derived from the wrapped command",
       "",
       "Examples:",
-      "  npx multicorn-proxy init",
-      "  npx multicorn-proxy --wrap npx @modelcontextprotocol/server-filesystem /tmp",
-      "  npx multicorn-proxy --wrap my-mcp-server --log-level debug",
+      "  npx multicorn-shield init",
+      "  npx multicorn-shield --wrap npx @modelcontextprotocol/server-filesystem /tmp",
+      "  npx multicorn-shield --wrap my-mcp-server --log-level debug",
       ""
     ].join("\n")
   );
 }
-async function main() {
+async function runCli() {
+  const first = process.argv[2];
+  if (first === "restore") {
+    await restoreClaudeDesktopMcpFromBackup();
+    process.stderr.write(
+      "Restored MCP server entries from ~/.multicorn/extension-backup.json into Claude Desktop config.\nRestart Claude Desktop to apply changes.\n"
+    );
+    return;
+  }
   const cli = parseArgs(process.argv);
   const logger = createLogger(cli.logLevel);
   if (cli.subcommand === "help") {
@@ -2971,13 +3328,13 @@ async function main() {
     const config2 = await loadConfig();
     if (config2 === null) {
       process.stderr.write(
-        "No config found. Run `npx multicorn-proxy init` to set up your API key.\n"
+        "No config found. Run `npx multicorn-shield init` to set up your API key.\n"
       );
       process.exit(1);
     }
     const agents = collectAgentsFromConfig(config2);
     if (agents.length === 0) {
-      process.stderr.write("No agents configured. Run `npx multicorn-proxy init` to add one.\n");
+      process.stderr.write("No agents configured. Run `npx multicorn-shield init` to add one.\n");
       process.exit(0);
     }
     const def = config2.defaultAgent;
@@ -3067,7 +3424,7 @@ async function resolveWrapConfig(cli, logger) {
     return config;
   }
   process.stderr.write(
-    "No API key found. Provide one via the --api-key flag, the MULTICORN_API_KEY environment variable, or run `npx multicorn-proxy init` to set up a config file.\n"
+    "No API key found. Provide one via the --api-key flag, the MULTICORN_API_KEY environment variable, or run `npx multicorn-shield init` to set up a config file.\n"
   );
   process.exit(1);
 }
@@ -3095,14 +3452,32 @@ function deriveAgentName(command) {
   const base = command.split("/").pop() ?? command;
   return base.replace(/\.[cm]?[jt]s$/, "");
 }
-var isDirectRun = process.argv[1] !== void 0 && (import.meta.url.endsWith(process.argv[1]) || import.meta.url === `file://${process.argv[1]}` || import.meta.url.endsWith("/multicorn-proxy.js") || import.meta.url.endsWith("/multicorn-proxy.ts"));
-if (isDirectRun && process.env["VITEST"] === void 0) {
-  main().catch((error) => {
-    const message = error instanceof Error ? error.message : String(error);
-    process.stderr.write(`Fatal error: ${message}
+var isDirectRun;
+var init_multicorn_shield = __esm({
+  "bin/multicorn-shield.ts"() {
+    init_config();
+    init_proxy();
+    init_logger();
+    init_consent();
+    init_restore();
+    isDirectRun = process.argv[1] !== void 0 && (import.meta.url.endsWith(process.argv[1]) || import.meta.url === `file://${process.argv[1]}` || import.meta.url.endsWith("/multicorn-shield.js") || import.meta.url.endsWith("/multicorn-shield.ts"));
+    if (isDirectRun && process.env["VITEST"] === void 0) {
+      runCli().catch((error) => {
+        const message = error instanceof Error ? error.message : String(error);
+        process.stderr.write(`Fatal error: ${message}
 `);
-    process.exit(1);
-  });
-}
+        process.exit(1);
+      });
+    }
+  }
+});
 
-export { parseArgs, resolveWrapConfig };
+// bin/multicorn-proxy.ts
+process.stderr.write("Warning: multicorn-proxy is deprecated. Use multicorn-shield instead.\n");
+var { runCli: runCli2 } = await Promise.resolve().then(() => (init_multicorn_shield(), multicorn_shield_exports));
+void runCli2().catch((error) => {
+  const message = error instanceof Error ? error.message : String(error);
+  process.stderr.write(`Fatal error: ${message}
+`);
+  process.exit(1);
+});