multicorn-shield 0.6.0 → 0.6.2

package/README.md

@@ -1,4 +1,4 @@
-![Multicorn Shield](readme-header.svg)
+![Multicorn Shield](https://multicorn.ai/images/og-image-shield.png)
 
 # Multicorn Shield
 
@@ -196,7 +196,7 @@ With the dashboard you can:
 The dashboard works with both the SDK integration and the MCP proxy. No extra setup needed.
 
 <p align="center">
-  <img src="https://app.multicorn.ai/og-image-shield.png" alt="Dashboard overview showing total actions, blocked count, spend, and live activity feed" width="800" />
+  <img src="https://multicorn.ai/images/og-image-shield.png" alt="Dashboard overview showing total actions, blocked count, spend, and live activity feed" width="800" />
 </p>
 
 <p align="center">

package/dist/multicorn-proxy.js

@@ -94,32 +94,69 @@ function collectAgentsFromConfig(cfg) {
   }
   return [];
 }
-async function loadConfig() {
+async function parseConfigFile() {
   try {
     const raw = await readFile(CONFIG_PATH, "utf8");
-    const parsed = JSON.parse(raw);
-    if (!isProxyConfig(parsed)) return null;
-    const obj = parsed;
-    const agentNameRaw = obj["agentName"];
-    const agentsRaw = obj["agents"];
-    const hasNonEmptyAgents = Array.isArray(agentsRaw) && agentsRaw.length > 0 && agentsRaw.every((e) => isAgentEntry(e));
-    const needsMigrate = typeof agentNameRaw === "string" && agentNameRaw.length > 0 && !hasNonEmptyAgents;
-    if (!needsMigrate) {
-      return parsed;
-    }
-    const platform = typeof obj["platform"] === "string" && obj["platform"].length > 0 ? obj["platform"] : "unknown";
-    const next = { ...obj };
-    delete next["agentName"];
-    delete next["platform"];
-    next["agents"] = [{ name: agentNameRaw, platform }];
-    next["defaultAgent"] = agentNameRaw;
-    const migrated = next;
-    await saveConfig(migrated);
-    return migrated;
-  } catch {
-    return null;
+    try {
+      return { kind: "ok", value: JSON.parse(raw) };
+    } catch {
+      return { kind: "parseError" };
+    }
+  } catch (error) {
+    if (isErrnoException(error) && error.code === "ENOENT") {
+      return { kind: "missing" };
+    }
+    const message = error instanceof Error ? error.message : String(error);
+    return { kind: "readError", message };
   }
 }
+function isAllowedShieldApiBaseUrl(url) {
+  return url.startsWith("https://") || url.startsWith("http://localhost") || url.startsWith("http://127.0.0.1");
+}
+async function loadConfig() {
+  const result = await parseConfigFile();
+  if (result.kind !== "ok") return null;
+  const parsed = result.value;
+  if (!isProxyConfig(parsed)) return null;
+  const obj = parsed;
+  const agentNameRaw = obj["agentName"];
+  const agentsRaw = obj["agents"];
+  const hasNonEmptyAgents = Array.isArray(agentsRaw) && agentsRaw.length > 0 && agentsRaw.every((e) => isAgentEntry(e));
+  const needsMigrate = typeof agentNameRaw === "string" && agentNameRaw.length > 0 && !hasNonEmptyAgents;
+  if (!needsMigrate) {
+    return parsed;
+  }
+  const platform = typeof obj["platform"] === "string" && obj["platform"].length > 0 ? obj["platform"] : "unknown";
+  const next = { ...obj };
+  delete next["agentName"];
+  delete next["platform"];
+  next["agents"] = [{ name: agentNameRaw, platform }];
+  next["defaultAgent"] = agentNameRaw;
+  const migrated = next;
+  await saveConfig(migrated);
+  return migrated;
+}
+async function readBaseUrlFromConfig() {
+  const result = await parseConfigFile();
+  if (result.kind === "missing") return void 0;
+  if (result.kind === "readError") {
+    process.stderr.write(
+      style.yellow(`Warning: could not read base URL from config file: ${result.message}`) + "\n"
+    );
+    return void 0;
+  }
+  if (result.kind === "parseError") {
+    process.stderr.write(
+      style.yellow("Warning: could not parse ~/.multicorn/config.json as JSON.") + "\n"
+    );
+    return void 0;
+  }
+  const parsed = result.value;
+  if (typeof parsed !== "object" || parsed === null) return void 0;
+  const u = parsed["baseUrl"];
+  if (typeof u !== "string" || u.length === 0) return void 0;
+  return u;
+}
 async function deleteAgentByName(name) {
   const config = await loadConfig();
   if (config === null) return false;
@@ -507,7 +544,8 @@ function printPlatformSnippet(platform, routingToken, shortName, apiKey) {
     );
   }
 }
-async function runInit(baseUrl = "https://api.multicorn.ai") {
+var DEFAULT_SHIELD_API_BASE_URL = "https://api.multicorn.ai";
+async function runInit(explicitBaseUrl) {
   if (!process.stdin.isTTY) {
     process.stderr.write(
       style.red("Error: interactive terminal required. Cannot run init with piped input.") + "\n"
@@ -525,16 +563,29 @@ async function runInit(baseUrl = "https://api.multicorn.ai") {
     style.dim("Get your API key at https://app.multicorn.ai/settings/api-keys") + "\n\n"
   );
   const existing = await loadConfig().catch(() => null);
-  if (baseUrl === "https://api.multicorn.ai") {
-    if (existing !== null && existing.baseUrl.length > 0) {
-      baseUrl = existing.baseUrl;
+  let resolvedBaseUrl;
+  if (explicitBaseUrl !== void 0 && explicitBaseUrl.trim().length > 0) {
+    resolvedBaseUrl = explicitBaseUrl.trim();
+  } else if (existing !== null && existing.baseUrl.length > 0) {
+    resolvedBaseUrl = existing.baseUrl;
+  } else {
+    const fromFile = await readBaseUrlFromConfig();
+    if (fromFile !== void 0 && fromFile.length > 0) {
+      resolvedBaseUrl = fromFile;
     } else {
       const envBaseUrl = process.env["MULTICORN_BASE_URL"];
-      if (envBaseUrl !== void 0 && envBaseUrl.length > 0) {
-        baseUrl = envBaseUrl;
-      }
+      resolvedBaseUrl = envBaseUrl !== void 0 && envBaseUrl.trim().length > 0 ? envBaseUrl.trim() : DEFAULT_SHIELD_API_BASE_URL;
     }
   }
+  if (!isAllowedShieldApiBaseUrl(resolvedBaseUrl)) {
+    process.stderr.write(
+      style.red(
+        "Base URL must use HTTPS (or http://localhost for local development). Received a non-HTTPS URL from config. Use --base-url to override."
+      ) + "\n"
+    );
+    rl.close();
+    return null;
+  }
   let apiKey = "";
   if (existing !== null && existing.apiKey.startsWith("mcs_") && existing.apiKey.length >= 8) {
     const masked = "mcs_..." + existing.apiKey.slice(-4);
@@ -554,7 +605,7 @@ async function runInit(baseUrl = "https://api.multicorn.ai") {
     const spinner = withSpinner("Validating key...");
     let result;
     try {
-      result = await validateApiKey(key, baseUrl);
+      result = await validateApiKey(key, resolvedBaseUrl);
     } catch (error) {
       spinner.stop(false, "Validation failed");
       throw error;
@@ -566,18 +617,11 @@ async function runInit(baseUrl = "https://api.multicorn.ai") {
     spinner.stop(true, "Key validated");
     apiKey = key;
   }
-  if (!baseUrl.startsWith("https://") && !baseUrl.startsWith("http://localhost") && !baseUrl.startsWith("http://127.0.0.1")) {
-    process.stderr.write(
-      style.red(`\u2717 Shield API base URL must use HTTPS. Got: ${baseUrl}`) + "\n"
-    );
-    rl.close();
-    return null;
-  }
   const configuredAgents = [];
   let currentAgents = collectAgentsFromConfig(existing);
   let lastConfig = {
     apiKey,
-    baseUrl,
+    baseUrl: resolvedBaseUrl,
     ...currentAgents.length > 0 ? {
       agents: currentAgents,
       defaultAgent: existing !== null && typeof existing.defaultAgent === "string" && existing.defaultAgent.length > 0 ? existing.defaultAgent : currentAgents[currentAgents.length - 1]?.name ?? ""
@@ -657,7 +701,7 @@ An agent for ${selectedLabel} already exists: ${style.cyan(existingForPlatform.n
         }
         const spinner = withSpinner("Updating OpenClaw config...");
         try {
-          const result = await updateOpenClawConfigIfPresent(apiKey, baseUrl, agentName);
+          const result = await updateOpenClawConfigIfPresent(apiKey, resolvedBaseUrl, agentName);
           if (result === "not-found") {
             spinner.stop(false, "OpenClaw config disappeared unexpectedly.");
             rl.close();
@@ -712,7 +756,7 @@ An agent for ${selectedLabel} already exists: ${style.cyan(existingForPlatform.n
         const spinner = withSpinner("Creating proxy config...");
         try {
           proxyUrl = await createProxyConfig(
-            baseUrl,
+            resolvedBaseUrl,
             apiKey,
             agentName,
             targetUrl,
@@ -750,7 +794,7 @@ An agent for ${selectedLabel} already exists: ${style.cyan(existingForPlatform.n
       currentAgents.push({ name: agentName, platform: selectedPlatform });
       const raw = existing !== null ? { ...existing } : {};
       raw["apiKey"] = apiKey;
-      raw["baseUrl"] = baseUrl;
+      raw["baseUrl"] = resolvedBaseUrl;
       raw["agents"] = currentAgents;
       raw["defaultAgent"] = agentName;
       delete raw["agentName"];
@@ -1920,7 +1964,7 @@ function parseArgs(argv) {
   let wrapCommand = "";
   let wrapArgs = [];
   let logLevel = "info";
-  let baseUrl = "https://api.multicorn.ai";
+  let baseUrl = void 0;
   let dashboardUrl = "";
   let agentName = "";
   let deleteAgentName = "";
@@ -2098,13 +2142,13 @@ async function main() {
 `);
     return;
   }
-  if (!cli.baseUrl.startsWith("https://") && !cli.baseUrl.startsWith("http://localhost") && !cli.baseUrl.startsWith("http://127.0.0.1")) {
-    process.stderr.write(
-      `Error: --base-url must use HTTPS. Received: "${cli.baseUrl}"
-Use https:// or http://localhost for local development.
-`
-    );
-    process.exit(1);
+  if (cli.baseUrl !== void 0 && cli.baseUrl.length > 0) {
+    if (!isAllowedShieldApiBaseUrl(cli.baseUrl)) {
+      process.stderr.write(
+        "Error: --base-url must use HTTPS. Received a non-HTTPS URL.\nUse https:// or http://localhost for local development.\n"
+      );
+      process.exit(1);
+    }
   }
   const config = await loadConfig();
   if (config === null) {
@@ -2113,8 +2157,16 @@ Use https:// or http://localhost for local development.
     );
     process.exit(1);
   }
+  const finalBaseUrl = cli.baseUrl !== void 0 && cli.baseUrl.length > 0 ? cli.baseUrl : config.baseUrl;
+  if (cli.baseUrl === void 0 || cli.baseUrl.length === 0) {
+    if (!isAllowedShieldApiBaseUrl(finalBaseUrl)) {
+      process.stderr.write(
+        "Error: --base-url must use HTTPS. Received a non-HTTPS URL.\nUse https:// or http://localhost for local development.\n"
+      );
+      process.exit(1);
+    }
+  }
   const agentName = resolveWrapAgentName(cli, config);
-  const finalBaseUrl = cli.baseUrl !== "https://api.multicorn.ai" ? cli.baseUrl : config.baseUrl;
   const finalDashboardUrl = cli.dashboardUrl !== "" ? cli.dashboardUrl : deriveDashboardUrl(finalBaseUrl);
   const legacyPlatform = config.platform;
   const platformForServer = typeof legacyPlatform === "string" && legacyPlatform.length > 0 ? legacyPlatform : "other-mcp";

package/dist/shield-extension.js

@@ -22358,7 +22358,7 @@ async function writeExtensionBackup(claudeDesktopConfigPath, mcpServers) {
 
 // package.json
 var package_default = {
-  version: "0.6.0"};
+  version: "0.6.2"};
 
 // src/package-meta.ts
 var PACKAGE_VERSION = package_default.version;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "multicorn-shield",
-  "version": "0.6.0",
+  "version": "0.6.2",
   "description": "The control layer for AI agents: permissions, consent, spending limits, and audit logging.",
   "license": "MIT",
   "type": "module",