npm - multicorn-shield - Versions diffs - 1.1.0 → 1.3.0 - Mend

multicorn-shield 1.1.0 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

package/CHANGELOG.md +29 -0
package/dist/multicorn-proxy.js +2723 -2430
package/dist/multicorn-shield.js +2677 -2383
package/dist/openclaw-hook/handler.js +3 -3
package/dist/openclaw-plugin/multicorn-shield.js +3 -3
package/dist/shield-extension.js +32 -37
package/package.json +2 -1
package/plugins/cline/hooks/scripts/shared.cjs +49 -12
package/plugins/gemini-cli/hooks/scripts/shared.cjs +49 -12
package/plugins/multicorn-shield/.claude-plugin/plugin.json +8 -0
package/plugins/multicorn-shield/hooks/hooks.json +26 -0
package/plugins/multicorn-shield/hooks/scripts/claude-code-tool-map.cjs +138 -0
package/plugins/multicorn-shield/hooks/scripts/post-tool-use.cjs +253 -0
package/plugins/multicorn-shield/hooks/scripts/pre-tool-use.cjs +642 -0
package/plugins/multicorn-shield/skills/shield-governance/SKILL.md +24 -0
package/plugins/windsurf/hooks/scripts/post-action.cjs +60 -12
package/plugins/windsurf/hooks/scripts/pre-action.cjs +60 -12

package/dist/openclaw-hook/handler.js CHANGED Viewed

@@ -45,9 +45,9 @@ var TOOL_MAP = {
   slack_read: { service: "slack", permissionLevel: "read" },
   slack_message: { service: "slack", permissionLevel: "write" },
   // Payments
-  payments: { service: "payments", permissionLevel: "execute" },
-  payment: { service: "payments", permissionLevel: "execute" },
-  stripe: { service: "payments", permissionLevel: "execute" }
+  payments: { service: "payments", permissionLevel: "write" },
+  payment: { service: "payments", permissionLevel: "write" },
+  stripe: { service: "payments", permissionLevel: "write" }
 };
 function mapToolToScope(toolName, command) {
   const normalized = toolName.trim().toLowerCase();

package/dist/openclaw-plugin/multicorn-shield.js CHANGED Viewed

@@ -42,9 +42,9 @@ var TOOL_MAP = {
   slack_read: { service: "slack", permissionLevel: "read" },
   slack_message: { service: "slack", permissionLevel: "write" },
   // Payments
-  payments: { service: "payments", permissionLevel: "execute" },
-  payment: { service: "payments", permissionLevel: "execute" },
-  stripe: { service: "payments", permissionLevel: "execute" }
+  payments: { service: "payments", permissionLevel: "write" },
+  payment: { service: "payments", permissionLevel: "write" },
+  stripe: { service: "payments", permissionLevel: "write" }
 };
 function isDestructiveExecCommand(command) {
   const destructiveCommands = ["rm", "mv", "sudo", "chmod", "chown", "dd", "truncate", "shred"];

package/dist/shield-extension.js CHANGED Viewed

@@ -8,6 +8,7 @@ import 'stream';
 import { spawn } from 'child_process';
 import { createHash } from 'crypto';
 import 'url';
+import 'module';
 import 'readline';
 // Multicorn Shield Claude Desktop Extension - https://multicorn.ai
@@ -2970,7 +2971,7 @@ var require_compile = __commonJS({
       const schOrFunc = root.refs[ref];
       if (schOrFunc)
         return schOrFunc;
-      let _sch = resolve.call(this, root, ref);
+      let _sch = resolve2.call(this, root, ref);
       if (_sch === void 0) {
         const schema = (_a2 = root.localRefs) === null || _a2 === void 0 ? void 0 : _a2[ref];
         const { schemaId } = this.opts;
@@ -2997,7 +2998,7 @@ var require_compile = __commonJS({
     function sameSchemaEnv(s1, s2) {
       return s1.schema === s2.schema && s1.root === s2.root && s1.baseId === s2.baseId;
     }
-    function resolve(root, ref) {
+    function resolve2(root, ref) {
       let sch;
       while (typeof (sch = this.refs[ref]) == "string")
         ref = sch;
@@ -3569,7 +3570,7 @@ var require_fast_uri = __commonJS({
       }
       return uri;
     }
-    function resolve(baseURI, relativeURI, options) {
+    function resolve2(baseURI, relativeURI, options) {
       const schemelessOptions = options ? Object.assign({ scheme: "null" }, options) : { scheme: "null" };
       const resolved = resolveComponent(parse3(baseURI, schemelessOptions), parse3(relativeURI, schemelessOptions), schemelessOptions, true);
       schemelessOptions.skipEscape = true;
@@ -3796,7 +3797,7 @@ var require_fast_uri = __commonJS({
     var fastUri = {
       SCHEMES,
       normalize,
-      resolve,
+      resolve: resolve2,
       resolveComponent,
       equal,
       serialize,
@@ -20675,7 +20676,7 @@ var Protocol = class {
           return;
         }
         const pollInterval = task2.pollInterval ?? this._options?.defaultTaskPollInterval ?? 1e3;
-        await new Promise((resolve) => setTimeout(resolve, pollInterval));
+        await new Promise((resolve2) => setTimeout(resolve2, pollInterval));
         options?.signal?.throwIfAborted();
       }
     } catch (error2) {
@@ -20692,7 +20693,7 @@ var Protocol = class {
    */
   request(request, resultSchema, options) {
     const { relatedRequestId, resumptionToken, onresumptiontoken, task, relatedTask } = options ?? {};
-    return new Promise((resolve, reject) => {
+    return new Promise((resolve2, reject) => {
       const earlyReject = (error2) => {
         reject(error2);
       };
@@ -20770,7 +20771,7 @@ var Protocol = class {
           if (!parseResult.success) {
             reject(parseResult.error);
           } else {
-            resolve(parseResult.data);
+            resolve2(parseResult.data);
           }
         } catch (error2) {
           reject(error2);
@@ -21031,12 +21032,12 @@ var Protocol = class {
       }
     } catch {
     }
-    return new Promise((resolve, reject) => {
+    return new Promise((resolve2, reject) => {
       if (signal.aborted) {
         reject(new McpError(ErrorCode.InvalidRequest, "Request cancelled"));
         return;
       }
-      const timeoutId = setTimeout(resolve, interval);
+      const timeoutId = setTimeout(resolve2, interval);
       signal.addEventListener("abort", () => {
         clearTimeout(timeoutId);
         reject(new McpError(ErrorCode.InvalidRequest, "Request cancelled"));
@@ -21890,12 +21891,12 @@ var StdioServerTransport = class {
     this.onclose?.();
   }
   send(message) {
-    return new Promise((resolve) => {
+    return new Promise((resolve2) => {
       const json2 = serializeMessage(message);
       if (this._stdout.write(json2)) {
-        resolve();
+        resolve2();
       } else {
-        this._stdout.once("drain", resolve);
+        this._stdout.once("drain", resolve2);
       }
     });
   }
@@ -22214,7 +22215,7 @@ function detectScopeHints() {
   return [];
 }
 function sleep(ms) {
-  return new Promise((resolve) => setTimeout(resolve, ms));
+  return new Promise((resolve2) => setTimeout(resolve2, ms));
 }
 function isApiSuccessResponse(value) {
   if (typeof value !== "object" || value === null) return false;
@@ -22260,54 +22261,48 @@ function getClaudeDesktopConfigPath() {
   }
 }
 var INIT_WIZARD_PLATFORM_REGISTRY = [
-  { slug: "openclaw", displayName: "OpenClaw", section: "native", detectable: true },
-  { slug: "claude-code", displayName: "Claude Code", section: "native", detectable: true },
-  { slug: "windsurf", displayName: "Windsurf", section: "native", detectable: true },
-  { slug: "cline", displayName: "Cline", section: "native", detectable: false },
-  { slug: "gemini-cli", displayName: "Gemini CLI", section: "native", detectable: false },
+  { slug: "openclaw", displayName: "OpenClaw", section: "native" },
+  { slug: "claude-code", displayName: "Claude Code", section: "native" },
+  { slug: "windsurf", displayName: "Windsurf", section: "native" },
+  { slug: "cline", displayName: "Cline", section: "native" },
+  { slug: "gemini-cli", displayName: "Gemini CLI", section: "native" },
   {
     slug: "cursor",
     displayName: "Cursor",
     section: "hosted",
-    prereqUrl: "https://www.cursor.com/downloads",
-    detectable: true
+    prereqUrl: "https://www.cursor.com/downloads"
   },
   {
     slug: "claude-desktop",
     displayName: "Claude Desktop",
     section: "hosted",
-    prereqUrl: "https://claude.ai/download",
-    detectable: false
+    prereqUrl: "https://claude.ai/download"
   },
   {
     slug: "github-copilot",
     displayName: "GitHub Copilot",
     section: "hosted",
-    prereqUrl: "https://docs.github.com/en/copilot/get-started",
-    detectable: false
+    prereqUrl: "https://docs.github.com/en/copilot/get-started"
   },
   {
     slug: "kilo-code",
     displayName: "Kilo Code",
     section: "hosted",
-    prereqUrl: "https://kilocode.ai/docs/getting-started",
-    detectable: false
+    prereqUrl: "https://kilocode.ai/docs/getting-started"
   },
   {
     slug: "continue-dev",
     displayName: "Continue",
     section: "hosted",
-    prereqUrl: "https://docs.continue.dev/ide-extensions/install",
-    detectable: false
+    prereqUrl: "https://docs.continue.dev/ide-extensions/install"
   },
   {
     slug: "goose",
     displayName: "Goose",
     section: "hosted",
-    prereqUrl: "https://goose-docs.ai/docs/quickstart/",
-    detectable: false
+    prereqUrl: "https://goose-docs.ai/docs/quickstart/"
   },
-  { slug: "other-mcp", displayName: "Local MCP / Other", section: "hosted", detectable: false }
+  { slug: "other-mcp", displayName: "Local MCP / Other", section: "hosted" }
 ];
 (() => {
   const itemsFor = (section) => INIT_WIZARD_PLATFORM_REGISTRY.filter((e) => e.section === section).map((e) => ({
@@ -22422,7 +22417,7 @@ async function writeExtensionBackup(claudeDesktopConfigPath, mcpServers) {
 // package.json
 var package_default = {
-  version: "1.1.0"};
+  version: "1.3.0"};
 // src/package-meta.ts
 var PACKAGE_VERSION = package_default.version;
@@ -23201,7 +23196,7 @@ function createActionLogger(config2) {
   };
 }
 function sleep2(ms) {
-  return new Promise((resolve) => setTimeout(resolve, ms));
+  return new Promise((resolve2) => setTimeout(resolve2, ms));
 }
 // src/proxy/interceptor.ts
@@ -23779,8 +23774,8 @@ async function runShieldExtension() {
   const dashboardUrl = deriveDashboardUrl(baseUrl);
   let resolveReady;
   let rejectReady;
-  const readyPromise = new Promise((resolve, reject) => {
-    resolveReady = resolve;
+  const readyPromise = new Promise((resolve2, reject) => {
+    resolveReady = resolve2;
     rejectReady = reject;
   });
   const toolRegistry = /* @__PURE__ */ new Map();
@@ -24031,10 +24026,10 @@ async function runShieldExtension() {
     await Promise.all(proxySessions.map((s) => s.close().catch(() => void 0)));
     await server.close();
   };
-  const stdinEnded = new Promise((resolve) => {
+  const stdinEnded = new Promise((resolve2) => {
     process.stdin.resume();
     process.stdin.once("end", () => {
-      resolve();
+      resolve2();
     });
   });
   const onSignal = () => {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "multicorn-shield",
-  "version": "1.1.0",
+  "version": "1.3.0",
   "description": "The control layer for AI agents: permissions, consent, spending limits, and audit logging.",
   "license": "MIT",
   "author": "Multicorn AI Pty Ltd",
@@ -36,6 +36,7 @@
   },
   "files": [
     "dist",
+    "plugins/multicorn-shield",
     "plugins/windsurf",
     "plugins/cline",
     "plugins/gemini-cli",

package/plugins/cline/hooks/scripts/shared.cjs CHANGED Viewed

@@ -53,21 +53,58 @@ function readStdin() {
  * @param {Record<string, unknown>} obj
  * @returns {string}
  */
-function resolveClineAgentName(obj) {
+function cwdUnderWorkspacePath(cwdResolved, workspacePath) {
+  const w = path.resolve(workspacePath);
+  if (cwdResolved === w) return true;
+  const prefix = w.endsWith(path.sep) ? w : w + path.sep;
+  return cwdResolved.startsWith(prefix);
+}
+function pickAgentNameForPlatform(obj, platform, cwd) {
   const agents = obj.agents;
-  if (Array.isArray(agents)) {
-    for (const entry of agents) {
-      if (
-        entry &&
-        typeof entry === "object" &&
-        /** @type {{ platform?: string; name?: string }} */ (entry).platform === "cline" &&
-        typeof (/** @type {{ platform?: string; name?: string }} */ (entry).name) === "string"
-      ) {
-        return /** @type {{ name: string }} */ (entry).name;
-      }
+  if (!Array.isArray(agents)) {
+    return typeof obj.agentName === "string" ? obj.agentName : "";
+  }
+  const matches = [];
+  for (const entry of agents) {
+    if (
+      entry &&
+      typeof entry === "object" &&
+      /** @type {{ platform?: string; name?: string; workspacePath?: string }} */ (entry)
+        .platform === platform &&
+      typeof (/** @type {{ platform?: string; name?: string }} */ (entry).name) === "string"
+    ) {
+      matches.push(/** @type {{ name: string; workspacePath?: string }} */ (entry));
     }
   }
-  return typeof obj.agentName === "string" ? obj.agentName : "";
+  if (matches.length === 0) {
+    return typeof obj.agentName === "string" ? obj.agentName : "";
+  }
+  const withWs = matches.filter(
+    (m) => typeof m.workspacePath === "string" && m.workspacePath.length > 0,
+  );
+  if (withWs.length === 0) {
+    return matches[0].name;
+  }
+  const resolvedCwd = path.resolve(cwd);
+  let best = null;
+  let bestLen = -1;
+  for (const m of withWs) {
+    if (!cwdUnderWorkspacePath(resolvedCwd, m.workspacePath)) continue;
+    const len = path.resolve(m.workspacePath).length;
+    if (len > bestLen) {
+      bestLen = len;
+      best = m;
+    }
+  }
+  if (best !== null) {
+    return best.name;
+  }
+  return matches[0].name;
+}
+function resolveClineAgentName(obj) {
+  return pickAgentNameForPlatform(obj, "cline", process.cwd());
 }
 /**

package/plugins/gemini-cli/hooks/scripts/shared.cjs CHANGED Viewed

@@ -56,21 +56,58 @@ function readStdin() {
   });
 }
-function resolveGeminiCliAgentName(obj) {
+function cwdUnderWorkspacePath(cwdResolved, workspacePath) {
+  const w = path.resolve(workspacePath);
+  if (cwdResolved === w) return true;
+  const prefix = w.endsWith(path.sep) ? w : w + path.sep;
+  return cwdResolved.startsWith(prefix);
+}
+function pickAgentNameForPlatform(obj, platform, cwd) {
   const agents = obj.agents;
-  if (Array.isArray(agents)) {
-    for (const entry of agents) {
-      if (
-        entry &&
-        typeof entry === "object" &&
-        /** @type {{ platform?: string; name?: string }} */ (entry).platform === "gemini-cli" &&
-        typeof (/** @type {{ platform?: string; name?: string }} */ (entry).name) === "string"
-      ) {
-        return /** @type {{ name: string }} */ (entry).name;
-      }
+  if (!Array.isArray(agents)) {
+    return typeof obj.agentName === "string" ? obj.agentName : "";
+  }
+  const matches = [];
+  for (const entry of agents) {
+    if (
+      entry &&
+      typeof entry === "object" &&
+      /** @type {{ platform?: string; name?: string; workspacePath?: string }} */ (entry)
+        .platform === platform &&
+      typeof (/** @type {{ platform?: string; name?: string }} */ (entry).name) === "string"
+    ) {
+      matches.push(/** @type {{ name: string; workspacePath?: string }} */ (entry));
     }
   }
-  return typeof obj.agentName === "string" ? obj.agentName : "";
+  if (matches.length === 0) {
+    return typeof obj.agentName === "string" ? obj.agentName : "";
+  }
+  const withWs = matches.filter(
+    (m) => typeof m.workspacePath === "string" && m.workspacePath.length > 0,
+  );
+  if (withWs.length === 0) {
+    return matches[0].name;
+  }
+  const resolvedCwd = path.resolve(cwd);
+  let best = null;
+  let bestLen = -1;
+  for (const m of withWs) {
+    if (!cwdUnderWorkspacePath(resolvedCwd, m.workspacePath)) continue;
+    const len = path.resolve(m.workspacePath).length;
+    if (len > bestLen) {
+      bestLen = len;
+      best = m;
+    }
+  }
+  if (best !== null) {
+    return best.name;
+  }
+  return matches[0].name;
+}
+function resolveGeminiCliAgentName(obj) {
+  return pickAgentNameForPlatform(obj, "gemini-cli", process.cwd());
 }
 function loadConfig() {

package/plugins/multicorn-shield/.claude-plugin/plugin.json ADDED Viewed

@@ -0,0 +1,8 @@
+{
+  "name": "multicorn-shield",
+  "description": "Agent governance plugin for Claude Code. Intercepts tool calls via PreToolUse hooks, enforces permissions, spending limits, and maintains audit trails.",
+  "author": {
+    "name": "Multicorn AI",
+    "email": "hello@multicorn.ai"
+  }
+}

package/plugins/multicorn-shield/hooks/hooks.json ADDED Viewed

@@ -0,0 +1,26 @@
+{
+  "hooks": {
+    "PreToolUse": [
+      {
+        "matcher": "",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node \"${CLAUDE_PLUGIN_ROOT}/hooks/scripts/pre-tool-use.cjs\""
+          }
+        ]
+      }
+    ],
+    "PostToolUse": [
+      {
+        "matcher": "",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node \"${CLAUDE_PLUGIN_ROOT}/hooks/scripts/post-tool-use.cjs\""
+          }
+        ]
+      }
+    ]
+  }
+}

package/plugins/multicorn-shield/hooks/scripts/claude-code-tool-map.cjs ADDED Viewed

@@ -0,0 +1,138 @@
+"use strict";
+// AUTO-GENERATED from src/hooks/claude-code-tool-map.ts — do not edit manually. Run pnpm build from the package root to regenerate.
+// src/openclaw/tool-mapper.ts
+var TOOL_MAP = {
+  // OpenClaw built-in tools
+  read: { service: "filesystem", permissionLevel: "read" },
+  write: { service: "filesystem", permissionLevel: "write" },
+  edit: { service: "filesystem", permissionLevel: "write" },
+  exec: { service: "terminal", permissionLevel: "execute" },
+  browser: { service: "browser", permissionLevel: "execute" },
+  message: { service: "messaging", permissionLevel: "write" },
+  process: { service: "terminal", permissionLevel: "execute" },
+  sessions_spawn: { service: "agents", permissionLevel: "execute" },
+  // Common integration tools (MCP servers, skills, etc.)
+  // Gmail
+  gmail: { service: "gmail", permissionLevel: "execute" },
+  gmail_send: { service: "gmail", permissionLevel: "write" },
+  gmail_read: { service: "gmail", permissionLevel: "read" },
+  // Google Calendar
+  google_calendar: { service: "google_calendar", permissionLevel: "execute" },
+  calendar: { service: "google_calendar", permissionLevel: "execute" },
+  calendar_create: { service: "google_calendar", permissionLevel: "write" },
+  calendar_read: { service: "google_calendar", permissionLevel: "read" },
+  // Google Drive
+  google_drive: { service: "google_drive", permissionLevel: "execute" },
+  drive: { service: "google_drive", permissionLevel: "execute" },
+  drive_read: { service: "google_drive", permissionLevel: "read" },
+  drive_write: { service: "google_drive", permissionLevel: "write" },
+  // Slack
+  slack: { service: "slack", permissionLevel: "execute" },
+  slack_send: { service: "slack", permissionLevel: "write" },
+  slack_read: { service: "slack", permissionLevel: "read" },
+  slack_message: { service: "slack", permissionLevel: "write" },
+  // Payments
+  payments: { service: "payments", permissionLevel: "write" },
+  payment: { service: "payments", permissionLevel: "write" },
+  stripe: { service: "payments", permissionLevel: "write" },
+};
+function isDestructiveExecCommand(command) {
+  const destructiveCommands = ["rm", "mv", "sudo", "chmod", "chown", "dd", "truncate", "shred"];
+  const normalized = command.toLowerCase();
+  return destructiveCommands.some((destructive) => normalized.includes(destructive));
+}
+function mapToolToScope(toolName, command) {
+  const normalized = toolName.trim().toLowerCase();
+  if (normalized.length === 0) {
+    return { service: "unknown", permissionLevel: "execute" };
+  }
+  const known = TOOL_MAP[normalized];
+  if (known !== void 0) {
+    return known;
+  }
+  const integrationPrefixes = {
+    gmail: "gmail",
+    google_calendar: "google_calendar",
+    calendar: "google_calendar",
+    google_drive: "google_drive",
+    drive: "google_drive",
+    slack: "slack",
+    payments: "payments",
+    payment: "payments",
+    stripe: "payments",
+  };
+  for (const [prefix, service] of Object.entries(integrationPrefixes)) {
+    if (normalized.startsWith(prefix + "_") || normalized === prefix) {
+      let permissionLevel = "execute";
+      if (
+        normalized.includes("_read") ||
+        normalized.includes("_get") ||
+        normalized.includes("_list")
+      ) {
+        permissionLevel = "read";
+      } else if (
+        normalized.includes("_write") ||
+        normalized.includes("_send") ||
+        normalized.includes("_create") ||
+        normalized.includes("_update") ||
+        normalized.includes("_delete")
+      ) {
+        permissionLevel = "write";
+      }
+      return { service, permissionLevel };
+    }
+  }
+  return { service: normalized, permissionLevel: "execute" };
+}
+// src/hooks/claude-code-tool-map.ts
+function extractExecCommand(toolInput) {
+  if (toolInput === void 0 || toolInput === null) {
+    return void 0;
+  }
+  if (typeof toolInput === "string") {
+    try {
+      return extractExecCommand(JSON.parse(toolInput));
+    } catch {
+      process.stderr.write("Shield: failed to parse tool input as JSON, using raw string\n");
+      return toolInput;
+    }
+  }
+  if (typeof toolInput === "object") {
+    const o = toolInput;
+    const c = o["command"] ?? o["cmd"];
+    if (typeof c === "string") {
+      return c;
+    }
+  }
+  return void 0;
+}
+function mapClaudeCodeToolToShield(toolName, toolInput) {
+  const n = toolName.trim().toLowerCase();
+  if (n.length === 0) {
+    return { service: "unknown", actionType: "execute" };
+  }
+  if (n === "bash" || n === "shell") {
+    const cmd = extractExecCommand(toolInput);
+    if (cmd !== void 0 && isDestructiveExecCommand(cmd)) {
+      return { service: "terminal", actionType: "write" };
+    }
+    return { service: "terminal", actionType: "execute" };
+  }
+  if (n === "glob" || n === "grep") {
+    return { service: "filesystem", actionType: "read" };
+  }
+  if (n === "webfetch") {
+    return { service: "web", actionType: "read" };
+  }
+  if (n === "task") {
+    return { service: "subagent", actionType: "execute" };
+  }
+  const scope = mapToolToScope(n);
+  return { service: scope.service, actionType: scope.permissionLevel };
+}
+exports.extractExecCommand = extractExecCommand;
+exports.mapClaudeCodeToolToShield = mapClaudeCodeToolToShield;