multicorn-shield 1.1.0 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (17) hide show
  1. package/CHANGELOG.md +29 -0
  2. package/dist/multicorn-proxy.js +2723 -2430
  3. package/dist/multicorn-shield.js +2677 -2383
  4. package/dist/openclaw-hook/handler.js +3 -3
  5. package/dist/openclaw-plugin/multicorn-shield.js +3 -3
  6. package/dist/shield-extension.js +32 -37
  7. package/package.json +2 -1
  8. package/plugins/cline/hooks/scripts/shared.cjs +49 -12
  9. package/plugins/gemini-cli/hooks/scripts/shared.cjs +49 -12
  10. package/plugins/multicorn-shield/.claude-plugin/plugin.json +8 -0
  11. package/plugins/multicorn-shield/hooks/hooks.json +26 -0
  12. package/plugins/multicorn-shield/hooks/scripts/claude-code-tool-map.cjs +138 -0
  13. package/plugins/multicorn-shield/hooks/scripts/post-tool-use.cjs +253 -0
  14. package/plugins/multicorn-shield/hooks/scripts/pre-tool-use.cjs +642 -0
  15. package/plugins/multicorn-shield/skills/shield-governance/SKILL.md +24 -0
  16. package/plugins/windsurf/hooks/scripts/post-action.cjs +60 -12
  17. package/plugins/windsurf/hooks/scripts/pre-action.cjs +60 -12
package/plugins/windsurf/hooks/scripts/post-action.cjs CHANGED
@@ -37,25 +37,73 @@ function readStdin() {
37
37
  }
38
38
 
39
39
  // Duplicated in pre-action.cjs. CJS hooks cannot import shared TypeScript modules.
40
+ /**
41
+ * @param {string} cwdResolved
42
+ * @param {string} workspacePath
43
+ * @returns {boolean}
44
+ */
45
+ function cwdUnderWorkspacePath(cwdResolved, workspacePath) {
46
+ const w = path.resolve(workspacePath);
47
+ if (cwdResolved === w) return true;
48
+ const prefix = w.endsWith(path.sep) ? w : w + path.sep;
49
+ return cwdResolved.startsWith(prefix);
50
+ }
51
+
40
52
  /**
41
53
  * @param {Record<string, unknown>} obj
54
+ * @param {string} platform
55
+ * @param {string} cwd
42
56
  * @returns {string}
43
57
  */
44
- function resolveWindsurfAgentName(obj) {
58
+ function pickAgentNameForPlatform(obj, platform, cwd) {
45
59
  const agents = obj.agents;
46
- if (Array.isArray(agents)) {
47
- for (const entry of agents) {
48
- if (
49
- entry &&
50
- typeof entry === "object" &&
51
- /** @type {{ platform?: string; name?: string }} */ (entry).platform === "windsurf" &&
52
- typeof (/** @type {{ platform?: string; name?: string }} */ (entry).name) === "string"
53
- ) {
54
- return /** @type {{ name: string }} */ (entry).name;
55
- }
60
+ if (!Array.isArray(agents)) {
61
+ return typeof obj.agentName === "string" ? obj.agentName : "";
62
+ }
63
+ const matches = [];
64
+ for (const entry of agents) {
65
+ if (
66
+ entry &&
67
+ typeof entry === "object" &&
68
+ /** @type {{ platform?: string; name?: string; workspacePath?: string }} */ (entry)
69
+ .platform === platform &&
70
+ typeof (/** @type {{ platform?: string; name?: string }} */ (entry).name) === "string"
71
+ ) {
72
+ matches.push(/** @type {{ name: string; workspacePath?: string }} */ (entry));
56
73
  }
57
74
  }
58
- return typeof obj.agentName === "string" ? obj.agentName : "";
75
+ if (matches.length === 0) {
76
+ return typeof obj.agentName === "string" ? obj.agentName : "";
77
+ }
78
+ const withWs = matches.filter(
79
+ (m) => typeof m.workspacePath === "string" && m.workspacePath.length > 0,
80
+ );
81
+ if (withWs.length === 0) {
82
+ return matches[0].name;
83
+ }
84
+ const resolvedCwd = path.resolve(cwd);
85
+ let best = null;
86
+ let bestLen = -1;
87
+ for (const m of withWs) {
88
+ if (!cwdUnderWorkspacePath(resolvedCwd, m.workspacePath)) continue;
89
+ const len = path.resolve(m.workspacePath).length;
90
+ if (len > bestLen) {
91
+ bestLen = len;
92
+ best = m;
93
+ }
94
+ }
95
+ if (best !== null) {
96
+ return best.name;
97
+ }
98
+ return matches[0].name;
99
+ }
100
+
101
+ /**
102
+ * @param {Record<string, unknown>} obj
103
+ * @returns {string}
104
+ */
105
+ function resolveWindsurfAgentName(obj) {
106
+ return pickAgentNameForPlatform(obj, "windsurf", process.cwd());
59
107
  }
60
108
 
61
109
  /**
package/plugins/windsurf/hooks/scripts/pre-action.cjs CHANGED
@@ -41,25 +41,73 @@ function readStdin() {
41
41
  }
42
42
 
43
43
  // Duplicated in post-action.cjs. CJS hooks cannot import shared TypeScript modules.
44
+ /**
45
+ * @param {string} cwdResolved
46
+ * @param {string} workspacePath
47
+ * @returns {boolean}
48
+ */
49
+ function cwdUnderWorkspacePath(cwdResolved, workspacePath) {
50
+ const w = path.resolve(workspacePath);
51
+ if (cwdResolved === w) return true;
52
+ const prefix = w.endsWith(path.sep) ? w : w + path.sep;
53
+ return cwdResolved.startsWith(prefix);
54
+ }
55
+
44
56
  /**
45
57
  * @param {Record<string, unknown>} obj
58
+ * @param {string} platform
59
+ * @param {string} cwd
46
60
  * @returns {string}
47
61
  */
48
- function resolveWindsurfAgentName(obj) {
62
+ function pickAgentNameForPlatform(obj, platform, cwd) {
49
63
  const agents = obj.agents;
50
- if (Array.isArray(agents)) {
51
- for (const entry of agents) {
52
- if (
53
- entry &&
54
- typeof entry === "object" &&
55
- /** @type {{ platform?: string; name?: string }} */ (entry).platform === "windsurf" &&
56
- typeof (/** @type {{ platform?: string; name?: string }} */ (entry).name) === "string"
57
- ) {
58
- return /** @type {{ name: string }} */ (entry).name;
59
- }
64
+ if (!Array.isArray(agents)) {
65
+ return typeof obj.agentName === "string" ? obj.agentName : "";
66
+ }
67
+ const matches = [];
68
+ for (const entry of agents) {
69
+ if (
70
+ entry &&
71
+ typeof entry === "object" &&
72
+ /** @type {{ platform?: string; name?: string; workspacePath?: string }} */ (entry)
73
+ .platform === platform &&
74
+ typeof (/** @type {{ platform?: string; name?: string }} */ (entry).name) === "string"
75
+ ) {
76
+ matches.push(/** @type {{ name: string; workspacePath?: string }} */ (entry));
60
77
  }
61
78
  }
62
- return typeof obj.agentName === "string" ? obj.agentName : "";
79
+ if (matches.length === 0) {
80
+ return typeof obj.agentName === "string" ? obj.agentName : "";
81
+ }
82
+ const withWs = matches.filter(
83
+ (m) => typeof m.workspacePath === "string" && m.workspacePath.length > 0,
84
+ );
85
+ if (withWs.length === 0) {
86
+ return matches[0].name;
87
+ }
88
+ const resolvedCwd = path.resolve(cwd);
89
+ let best = null;
90
+ let bestLen = -1;
91
+ for (const m of withWs) {
92
+ if (!cwdUnderWorkspacePath(resolvedCwd, m.workspacePath)) continue;
93
+ const len = path.resolve(m.workspacePath).length;
94
+ if (len > bestLen) {
95
+ bestLen = len;
96
+ best = m;
97
+ }
98
+ }
99
+ if (best !== null) {
100
+ return best.name;
101
+ }
102
+ return matches[0].name;
103
+ }
104
+
105
+ /**
106
+ * @param {Record<string, unknown>} obj
107
+ * @returns {string}
108
+ */
109
+ function resolveWindsurfAgentName(obj) {
110
+ return pickAgentNameForPlatform(obj, "windsurf", process.cwd());
63
111
  }
64
112
 
65
113
  /**