npm - multicorn-shield - Versions diffs - 0.9.0 → 0.10.0 - Mend

multicorn-shield 0.9.0 → 0.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/dist/index.js CHANGED Viewed

@@ -285,6 +285,39 @@ function hasScope(grantedScopes, requested) {
   );
 }
+// src/scopes/content-review-detector.ts
+function requiresContentReview(scope) {
+  if (scope.service === "web" && scope.permissionLevel === "publish") {
+    return true;
+  }
+  if (scope.service === "public_content" && scope.permissionLevel === "create") {
+    return true;
+  }
+  return false;
+}
+function isPublicContentAction(toolName, service) {
+  const lowerToolName = toolName.toLowerCase();
+  const lowerService = service.toLowerCase();
+  if (lowerService === "web" || lowerService === "public_content") {
+    return true;
+  }
+  const publicContentIndicators = [
+    "publish",
+    "public",
+    "web",
+    "blog",
+    "post",
+    "article",
+    "social",
+    "twitter",
+    "facebook",
+    "linkedin",
+    "github_pages",
+    "deploy"
+  ];
+  return publicContentIndicators.some((indicator) => lowerToolName.includes(indicator));
+}
 // src/consent/scope-labels.ts
 var SERVICE_DISPLAY_NAMES = {
   gmail: "Gmail",
@@ -1876,37 +1909,215 @@ function centsToDollars(cents) {
   })}`;
 }
-// src/scopes/content-review-detector.ts
-function requiresContentReview(scope) {
-  if (scope.service === "web" && scope.permissionLevel === "publish") {
-    return true;
+// src/openclaw/shield-client.ts
+var REQUEST_TIMEOUT_MS = 5e3;
+var AUTH_HEADER = "X-Multicorn-Key";
+var POLL_INTERVAL_MS = 3e3;
+var MAX_POLLS = 100;
+var POLL_TIMEOUT_MS = POLL_INTERVAL_MS * MAX_POLLS;
+var authErrorLogged = false;
+function isApiSuccess(value) {
+  if (typeof value !== "object" || value === null) return false;
+  const obj = value;
+  return obj["success"] === true;
+}
+function isContentReviewStatusResponse(value) {
+  if (typeof value !== "object" || value === null) return false;
+  const obj = value;
+  return typeof obj["id"] === "string" && typeof obj["status"] === "string" && ["pending", "approved", "blocked", "timeout"].includes(obj["status"]);
+}
+function readApiErrorCode(body) {
+  if (typeof body !== "object" || body === null) return void 0;
+  const err = body["error"];
+  if (typeof err !== "object" || err === null) return void 0;
+  const code = err["code"];
+  return typeof code === "string" ? code : void 0;
+}
+function isPlanTierInsufficientError(status, body) {
+  return status === 403 && readApiErrorCode(body) === "PLAN_TIER_INSUFFICIENT";
+}
+function handleHttpError(status, logger, retryDelaySeconds) {
+  if (status === 401 || status === 403) {
+    if (!authErrorLogged) {
+      authErrorLogged = true;
+      const errorMsg = "[multicorn-shield] ERROR: Authentication failed. Your MULTICORN_API_KEY is invalid or expired. Check the key in your OpenClaw config (~/.openclaw/openclaw.json \u2192 plugins.entries.multicorn-shield.env.MULTICORN_API_KEY). Get a valid key from your Multicorn dashboard (Settings \u2192 API Keys).";
+      logger?.error(errorMsg);
+      process.stderr.write(`${errorMsg}
+`);
+    }
+    return { shouldBlock: true };
+  }
+  if (status === 429) {
+    if (retryDelaySeconds !== void 0) {
+      const rateLimitMsg = `[multicorn-shield] Rate limited by Shield API. Retrying in ${String(retryDelaySeconds)}s.`;
+      logger?.warn(rateLimitMsg);
+      process.stderr.write(`${rateLimitMsg}
+`);
+    } else {
+      const rateLimitMsg = "[multicorn-shield] Rate limited by Shield API. Action blocked: Shield cannot verify permissions.";
+      logger?.warn(rateLimitMsg);
+      process.stderr.write(`${rateLimitMsg}
+`);
+    }
+    return { shouldBlock: true };
   }
-  if (scope.service === "public_content" && scope.permissionLevel === "create") {
-    return true;
+  if (status >= 500 && status < 600) {
+    const serverErrorMsg = `[multicorn-shield] Shield API error (${String(status)}). Action blocked: Shield cannot verify permissions.`;
+    logger?.warn(serverErrorMsg);
+    process.stderr.write(`${serverErrorMsg}
+`);
+    return { shouldBlock: true };
   }
-  return false;
+  return { shouldBlock: true };
 }
-function isPublicContentAction(toolName, service) {
-  const lowerToolName = toolName.toLowerCase();
-  const lowerService = service.toLowerCase();
-  if (lowerService === "web" || lowerService === "public_content") {
-    return true;
+async function pollContentReviewStatus(reviewId, apiKey, baseUrl, logger) {
+  const startTime = Date.now();
+  const logDebug = logger?.debug?.bind(logger);
+  for (let pollCount = 0; pollCount < MAX_POLLS; pollCount++) {
+    if (Date.now() - startTime >= POLL_TIMEOUT_MS) {
+      return { status: "timeout", reason: "decision_window_exceeded", reviewId };
+    }
+    let row = null;
+    for (let retry = 0; retry < 3; retry++) {
+      try {
+        const response = await fetch(`${baseUrl}/api/v1/content-reviews/${reviewId}/status`, {
+          headers: { [AUTH_HEADER]: apiKey },
+          signal: AbortSignal.timeout(REQUEST_TIMEOUT_MS)
+        });
+        if (!response.ok) {
+          if (response.status === 404) {
+            return { status: "blocked", reason: "review_not_found", reviewId };
+          }
+          const errBody = await response.json().catch(() => null);
+          if (isPlanTierInsufficientError(response.status, errBody)) {
+            return { status: "blocked", reason: "plan_tier_insufficient", reviewId };
+          }
+          if (response.status === 401 || response.status === 403) {
+            handleHttpError(response.status, logger);
+            return { status: "blocked", reason: "auth_error", reviewId };
+          }
+          if (response.status === 429 || response.status >= 500 && response.status < 600) {
+            const retryDelay = retry < 2 ? Math.pow(2, retry) : void 0;
+            handleHttpError(response.status, logger, retryDelay);
+          }
+          logDebug?.(
+            `Content review poll ${String(pollCount + 1)} failed: HTTP ${String(response.status)}. Retrying...`
+          );
+          if (retry < 2) {
+            await new Promise((resolve) => setTimeout(resolve, 1e3 * Math.pow(2, retry)));
+          }
+          continue;
+        }
+        const body = await response.json();
+        if (!isApiSuccess(body)) {
+          logDebug?.(
+            `Content review poll ${String(pollCount + 1)} failed: invalid response format. Retrying...`
+          );
+          if (retry < 2) {
+            await new Promise((resolve) => setTimeout(resolve, 1e3 * Math.pow(2, retry)));
+          }
+          continue;
+        }
+        const statusData = body.data;
+        if (!isContentReviewStatusResponse(statusData)) {
+          logDebug?.(
+            `Content review poll ${String(pollCount + 1)} failed: invalid status data. Retrying...`
+          );
+          if (retry < 2) {
+            await new Promise((resolve) => setTimeout(resolve, 1e3 * Math.pow(2, retry)));
+          }
+          continue;
+        }
+        row = statusData;
+        break;
+      } catch (error) {
+        const errorMessage = error instanceof Error ? error.message : String(error);
+        logDebug?.(
+          `Content review poll ${String(pollCount + 1)} failed: ${errorMessage}. Retrying...`
+        );
+        if (retry < 2) {
+          await new Promise((resolve) => setTimeout(resolve, 1e3 * Math.pow(2, retry)));
+        }
+      }
+    }
+    if (row !== null) {
+      if (row.status === "approved") {
+        return { status: "approved", reviewId };
+      }
+      if (row.status === "blocked") {
+        return { status: "blocked", reason: "blocked_by_reviewer", reviewId };
+      }
+      if (row.status === "timeout") {
+        return { status: "timeout", reason: "decision_window_exceeded", reviewId };
+      }
+      if (pollCount < MAX_POLLS - 1) {
+        await new Promise((resolve) => setTimeout(resolve, POLL_INTERVAL_MS));
+      }
+    } else {
+      logDebug?.(
+        `All retries failed for content review poll ${String(pollCount + 1)}. Continuing...`
+      );
+      if (pollCount < MAX_POLLS - 1) {
+        await new Promise((resolve) => setTimeout(resolve, POLL_INTERVAL_MS));
+      }
+    }
+  }
+  return { status: "timeout", reason: "decision_window_exceeded", reviewId };
+}
+async function requestContentReview(payload, apiKey, baseUrl, logger) {
+  try {
+    const response = await fetch(`${baseUrl}/api/v1/actions`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        [AUTH_HEADER]: apiKey
+      },
+      body: JSON.stringify({
+        agent: payload.agent,
+        service: payload.service,
+        actionType: payload.actionType,
+        status: "requires_approval",
+        cost: payload.cost ?? 0,
+        metadata: payload.metadata
+      }),
+      signal: AbortSignal.timeout(REQUEST_TIMEOUT_MS)
+    });
+    const body = await response.json().catch(() => null);
+    if (isPlanTierInsufficientError(response.status, body)) {
+      return { status: "blocked", reason: "plan_tier_insufficient" };
+    }
+    if (response.status === 401 || response.status === 403) {
+      handleHttpError(response.status, logger);
+      return { status: "blocked", reason: "auth_error" };
+    }
+    if (response.status === 429 || response.status >= 500 && response.status < 600) {
+      handleHttpError(response.status, logger);
+      return { status: "blocked", reason: "service_unavailable" };
+    }
+    if (response.status === 202) {
+      if (!isApiSuccess(body)) {
+        return { status: "blocked", reason: "no_review_id" };
+      }
+      const data = body.data;
+      if (typeof data !== "object" || data === null) {
+        return { status: "blocked", reason: "no_review_id" };
+      }
+      const record = data;
+      const rid = record["content_review_id"];
+      const reviewId = typeof rid === "string" ? rid : void 0;
+      if (reviewId === void 0) {
+        return { status: "blocked", reason: "no_review_id" };
+      }
+      const polled = await pollContentReviewStatus(reviewId, apiKey, baseUrl, logger);
+      return { ...polled, reviewId };
+    }
+    if (response.status === 201) {
+      return { status: "blocked", reason: "no_review_id" };
+    }
+    return { status: "blocked", reason: "service_unavailable" };
+  } catch {
+    return { status: "blocked", reason: "network_error" };
   }
-  const publicContentIndicators = [
-    "publish",
-    "public",
-    "web",
-    "blog",
-    "post",
-    "article",
-    "social",
-    "twitter",
-    "facebook",
-    "linkedin",
-    "github_pages",
-    "deploy"
-  ];
-  return publicContentIndicators.some((indicator) => lowerToolName.includes(indicator));
 }
 // src/mcp/mcp-adapter.ts
@@ -1983,6 +2194,28 @@ function createMcpAdapter(config) {
       status
     });
   }
+  function mapContentReviewReasonToUserMessage(reason) {
+    switch (reason) {
+      case "plan_tier_insufficient":
+        return "Content review requires an Enterprise plan. Upgrade at app.multicorn.ai/settings.";
+      case "review_not_found":
+        return "Content review no longer exists. It may have been deleted or timed out.";
+      case "decision_window_exceeded":
+        return "Content review timed out before a decision was made.";
+      case "blocked_by_reviewer":
+        return "Content review was blocked by a reviewer.";
+      case "auth_error":
+        return "Content review failed: please verify your Multicorn API key.";
+      case "service_unavailable":
+        return "Content review failed: service unavailable.";
+      case "network_error":
+        return "Content review failed: network error.";
+      case "no_review_id":
+        return "Content review failed: could not start review.";
+      default:
+        return "Content review failed.";
+    }
+  }
   async function checkAutoApproveStatus() {
     if (config.checkAutoApprove !== void 0) {
       const result = config.checkAutoApprove(config.agentId);
@@ -2052,6 +2285,38 @@ function createMcpAdapter(config) {
             arguments: JSON.stringify(toolCall.arguments),
             requiresReview: true
           };
+          if (config.waitForReviewDecision === true) {
+            if (config.baseUrl === void 0 || config.apiKey === void 0) {
+              return {
+                blocked: true,
+                reason: "waitForReviewDecision requires baseUrl and apiKey to poll the content review.",
+                toolName: toolCall.toolName,
+                service: mappedService,
+                action
+              };
+            }
+            const review = await requestContentReview(
+              {
+                agent: config.agentId,
+                service: mappedService,
+                actionType: action,
+                metadata
+              },
+              config.apiKey,
+              config.baseUrl
+            );
+            if (review.status === "approved") {
+              await recordAction(mappedService, action, ACTION_STATUSES.Approved);
+              return handler(toolCall);
+            }
+            return {
+              blocked: true,
+              reason: mapContentReviewReasonToUserMessage(review.reason),
+              toolName: toolCall.toolName,
+              service: mappedService,
+              action
+            };
+          }
           if (config.logger) {
             await config.logger.logAction({
               agent: config.agentId,
@@ -2478,4 +2743,4 @@ function validateApiKey(apiKey) {
   }
 }
-export { ACTION_STATUSES, AGENT_STATUSES, BUILT_IN_SERVICES, CONSENT_ELEMENT_TAG, MulticornConsent, MulticornShield, PERMISSION_LEVELS, SERVICE_NAME_PATTERN, ScopeParseError, centsToDollars, createActionLogger, createFocusTrap, createMcpAdapter, createScopeRegistry, createSpendingChecker, dollarsToCents, formatScope, getPermissionLabel, getScopeLabel, getScopeShortLabel, getServiceDisplayName, getServiceIcon, hasScope, isBlockedResult, isValidScopeString, parseScope, parseScopes, tryParseScope, validateAllScopesAccess, validateScopeAccess };
+export { ACTION_STATUSES, AGENT_STATUSES, BUILT_IN_SERVICES, CONSENT_ELEMENT_TAG, MulticornConsent, MulticornShield, PERMISSION_LEVELS, SERVICE_NAME_PATTERN, ScopeParseError, centsToDollars, createActionLogger, createFocusTrap, createMcpAdapter, createScopeRegistry, createSpendingChecker, dollarsToCents, formatScope, getPermissionLabel, getScopeLabel, getScopeShortLabel, getServiceDisplayName, getServiceIcon, hasScope, isBlockedResult, isPublicContentAction, isValidScopeString, parseScope, parseScopes, requestContentReview, requiresContentReview, tryParseScope, validateAllScopesAccess, validateScopeAccess };

package/dist/shield-extension.js CHANGED Viewed

@@ -22359,7 +22359,7 @@ async function writeExtensionBackup(claudeDesktopConfigPath, mcpServers) {
 // package.json
 var package_default = {
-  version: "0.9.0"};
+  version: "0.10.0"};
 // src/package-meta.ts
 var PACKAGE_VERSION = package_default.version;

package/package.json CHANGED Viewed

@@ -1,8 +1,9 @@
 {
   "name": "multicorn-shield",
-  "version": "0.9.0",
+  "version": "0.10.0",
   "description": "The control layer for AI agents: permissions, consent, spending limits, and audit logging.",
   "license": "MIT",
+  "author": "Multicorn AI Pty Ltd",
   "type": "module",
   "main": "./dist/index.cjs",
   "module": "./dist/index.js",
@@ -37,8 +38,13 @@
     "dist",
     "plugins/windsurf",
     "LICENSE",
-    "README.md"
+    "README.md",
+    "CHANGELOG.md"
   ],
+  "publishConfig": {
+    "access": "public",
+    "provenance": true
+  },
   "sideEffects": false,
   "engines": {
     "node": ">=20"