multicorn-shield 1.10.0 → 1.11.1

package/CHANGELOG.md

@@ -9,6 +9,31 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - Bump `version` in `package.json` before publishing to npm.
 
+## [Unreleased]
+
+### Fixed
+
+- The local proxy server entry is now resolved by locating the multicorn-shield package root rather than a fixed relative climb, so `files` works from source, bundled dist, and npm installs.
+
+## [1.11.0] - 2026-06-18
+
+### Added
+
+- `files` subcommand for governing a local filesystem under Shield (`files start`, `stop`, `restart`, `status`). An agent can read, write, and delete files in a chosen folder, with each action approved and logged like the hosted services.
+- Combo agents: a single agent can expose both hosted services (Gmail, Calendar, Drive) and a local filesystem through one `mcp.json` entry.
+- Per-agent file supervisors with a liveness heartbeat to the backend, auto port allocation, and refcounted shared proxy and filesystem servers that start and stop with the agents using them.
+- Distinct `delete` permission level for the filesystem, separate from `write`, so an agent can be allowed to change files without being allowed to delete them.
+- `files start` and `files restart` regenerate the agent's keyed `mcp.json` entry on every run. The write is atomic and fail-closed: a complete entry is built first, then the block is replaced in one write, so a failed run never leaves the file broken.
+
+### Changed
+
+- One `mcp.json` entry per agent, keyed by the agent's own name. Earlier builds appended `-files`/`-filesystem` suffixes; legacy suffixed entries are now cleaned up on registration.
+
+### Fixed
+
+- `files` now starts the local proxy by spawning the bundled `dist/server.js` entry directly (with `PORT`, `SHIELD_API_BASE_URL`, and `ALLOW_PRIVATE_TARGETS`), instead of invoking the deprecated `multicorn-proxy` CLI alias. First-run setup works when no proxy is already listening on the port.
+- Pinned transitive dependencies (`path-to-regexp`, `ws`, `hono`) via `pnpm.overrides` to clear high-severity audit advisories pulled in by `supergateway` and the MCP SDK.
+
 ## [1.10.0] - 2026-06-09
 
 ### Changed

package/dist/index.cjs

@@ -41,6 +41,7 @@ var AGENT_STATUSES = {
 var PERMISSION_LEVELS = {
   Read: "read",
   Write: "write",
+  Delete: "delete",
   Execute: "execute",
   Publish: "publish",
   Create: "create"
@@ -75,6 +76,11 @@ var BUILT_IN_SERVICES = {
     description: "Google Drive: file browsing, uploading, and sharing",
     capabilities: [PERMISSION_LEVELS.Read, PERMISSION_LEVELS.Write]
   },
+  filesystem: {
+    name: "filesystem",
+    description: "Sandboxed Multicorn workspace: reading, writing, and deleting files",
+    capabilities: [PERMISSION_LEVELS.Read, PERMISSION_LEVELS.Write, PERMISSION_LEVELS.Delete]
+  },
   payments: {
     name: "payments",
     description: "Payment processing: balance enquiries and transaction execution",
@@ -344,6 +350,7 @@ var SERVICE_DISPLAY_NAMES = {
   calendar: "Google Calendar",
   slack: "Slack",
   drive: "Google Drive",
+  filesystem: "Workspace files",
   payments: "Payments",
   github: "GitHub",
   jira: "Jira",
@@ -355,6 +362,7 @@ var SERVICE_ICONS = {
   calendar: "\u{1F4C5}",
   slack: "\u{1F4AC}",
   drive: "\u{1F4C1}",
+  filesystem: "\u{1F4C2}",
   payments: "\u{1F4B3}",
   github: "\u{1F419}",
   jira: "\u{1F3AF}",
@@ -364,6 +372,7 @@ var SERVICE_ICONS = {
 var PERMISSION_DESCRIPTIONS = {
   [PERMISSION_LEVELS.Read]: "Read",
   [PERMISSION_LEVELS.Write]: "Create and modify",
+  [PERMISSION_LEVELS.Delete]: "Delete",
   [PERMISSION_LEVELS.Execute]: "Execute actions",
   [PERMISSION_LEVELS.Publish]: "Publish",
   [PERMISSION_LEVELS.Create]: "Create"
@@ -371,6 +380,7 @@ var PERMISSION_DESCRIPTIONS = {
 var PERMISSION_FULL_DESCRIPTIONS = {
   [PERMISSION_LEVELS.Read]: (serviceName) => `Read your ${serviceName}`,
   [PERMISSION_LEVELS.Write]: (serviceName) => `Create and modify ${serviceName} content`,
+  [PERMISSION_LEVELS.Delete]: (serviceName) => `Delete ${serviceName} content`,
   [PERMISSION_LEVELS.Execute]: (serviceName) => {
     if (serviceName.toLowerCase().includes("payment")) {
       return "Make purchases on your behalf";

package/dist/index.d.cts

@@ -32,6 +32,8 @@ type AgentStatus = (typeof AGENT_STATUSES)[keyof typeof AGENT_STATUSES];
  *
  * - `read`: observe data without modification
  * - `write`: create or modify data
+ * - `delete`: destroy data (kept distinct from `write` so saving a file never
+ *   implies the right to delete one; used by the hosted workspace filesystem)
  * - `execute`: trigger side-effects (e.g. send an email, make a payment)
  * - `publish`: make existing content publicly accessible (e.g. deploy, publish, make live)
  * - `create`: create new content that is immediately public (e.g. tweet, public commit, forum post)
@@ -39,6 +41,7 @@ type AgentStatus = (typeof AGENT_STATUSES)[keyof typeof AGENT_STATUSES];
 declare const PERMISSION_LEVELS: {
     readonly Read: "read";
     readonly Write: "write";
+    readonly Delete: "delete";
     readonly Execute: "execute";
     readonly Publish: "publish";
     readonly Create: "create";
@@ -233,6 +236,11 @@ declare const BUILT_IN_SERVICES: {
         readonly description: "Google Drive: file browsing, uploading, and sharing";
         readonly capabilities: readonly ["read", "write"];
     };
+    readonly filesystem: {
+        readonly name: "filesystem";
+        readonly description: "Sandboxed Multicorn workspace: reading, writing, and deleting files";
+        readonly capabilities: readonly ["read", "write", "delete"];
+    };
     readonly payments: {
         readonly name: "payments";
         readonly description: "Payment processing: balance enquiries and transaction execution";
@@ -448,7 +456,7 @@ type ScopeParseResult = {
  * Parse a scope string into a structured {@link Scope} object.
  *
  * Scope strings use the format `"permission:service"` where:
- * - **permission** is one of `read`, `write`, `execute`, `publish`, or `create`
+ * - **permission** is one of `read`, `write`, `delete`, `execute`, `publish`, or `create`
  * - **service** is a lowercase identifier (letters, digits, hyphens, underscores)
  *
  * @param input - The scope string to parse (e.g. `"read:gmail"`).
@@ -463,8 +471,8 @@ type ScopeParseResult = {
  *
  * @example
  * ```ts
- * parseScope("delete:gmail");
- * // throws ScopeParseError: Unknown permission level "delete" …
+ * parseScope("destroy:gmail");
+ * // throws ScopeParseError: Unknown permission level "destroy" …
  * ```
  */
 declare function parseScope(input: string): Scope;
@@ -533,7 +541,7 @@ declare function formatScope(scope: Scope): string;
  * @example
  * ```ts
  * isValidScopeString("read:gmail");     // true
- * isValidScopeString("delete:gmail");   // false
+ * isValidScopeString("destroy:gmail");  // false
  * isValidScopeString("");               // false
  * ```
  */

package/dist/index.d.ts

@@ -32,6 +32,8 @@ type AgentStatus = (typeof AGENT_STATUSES)[keyof typeof AGENT_STATUSES];
  *
  * - `read`: observe data without modification
  * - `write`: create or modify data
+ * - `delete`: destroy data (kept distinct from `write` so saving a file never
+ *   implies the right to delete one; used by the hosted workspace filesystem)
  * - `execute`: trigger side-effects (e.g. send an email, make a payment)
  * - `publish`: make existing content publicly accessible (e.g. deploy, publish, make live)
  * - `create`: create new content that is immediately public (e.g. tweet, public commit, forum post)
@@ -39,6 +41,7 @@ type AgentStatus = (typeof AGENT_STATUSES)[keyof typeof AGENT_STATUSES];
 declare const PERMISSION_LEVELS: {
     readonly Read: "read";
     readonly Write: "write";
+    readonly Delete: "delete";
     readonly Execute: "execute";
     readonly Publish: "publish";
     readonly Create: "create";
@@ -233,6 +236,11 @@ declare const BUILT_IN_SERVICES: {
         readonly description: "Google Drive: file browsing, uploading, and sharing";
         readonly capabilities: readonly ["read", "write"];
     };
+    readonly filesystem: {
+        readonly name: "filesystem";
+        readonly description: "Sandboxed Multicorn workspace: reading, writing, and deleting files";
+        readonly capabilities: readonly ["read", "write", "delete"];
+    };
     readonly payments: {
         readonly name: "payments";
         readonly description: "Payment processing: balance enquiries and transaction execution";
@@ -448,7 +456,7 @@ type ScopeParseResult = {
  * Parse a scope string into a structured {@link Scope} object.
  *
  * Scope strings use the format `"permission:service"` where:
- * - **permission** is one of `read`, `write`, `execute`, `publish`, or `create`
+ * - **permission** is one of `read`, `write`, `delete`, `execute`, `publish`, or `create`
  * - **service** is a lowercase identifier (letters, digits, hyphens, underscores)
  *
  * @param input - The scope string to parse (e.g. `"read:gmail"`).
@@ -463,8 +471,8 @@ type ScopeParseResult = {
  *
  * @example
  * ```ts
- * parseScope("delete:gmail");
- * // throws ScopeParseError: Unknown permission level "delete" …
+ * parseScope("destroy:gmail");
+ * // throws ScopeParseError: Unknown permission level "destroy" …
  * ```
  */
 declare function parseScope(input: string): Scope;
@@ -533,7 +541,7 @@ declare function formatScope(scope: Scope): string;
  * @example
  * ```ts
  * isValidScopeString("read:gmail");     // true
- * isValidScopeString("delete:gmail");   // false
+ * isValidScopeString("destroy:gmail");  // false
  * isValidScopeString("");               // false
  * ```
  */

package/dist/index.js

@@ -39,6 +39,7 @@ var AGENT_STATUSES = {
 var PERMISSION_LEVELS = {
   Read: "read",
   Write: "write",
+  Delete: "delete",
   Execute: "execute",
   Publish: "publish",
   Create: "create"
@@ -73,6 +74,11 @@ var BUILT_IN_SERVICES = {
     description: "Google Drive: file browsing, uploading, and sharing",
     capabilities: [PERMISSION_LEVELS.Read, PERMISSION_LEVELS.Write]
   },
+  filesystem: {
+    name: "filesystem",
+    description: "Sandboxed Multicorn workspace: reading, writing, and deleting files",
+    capabilities: [PERMISSION_LEVELS.Read, PERMISSION_LEVELS.Write, PERMISSION_LEVELS.Delete]
+  },
   payments: {
     name: "payments",
     description: "Payment processing: balance enquiries and transaction execution",
@@ -342,6 +348,7 @@ var SERVICE_DISPLAY_NAMES = {
   calendar: "Google Calendar",
   slack: "Slack",
   drive: "Google Drive",
+  filesystem: "Workspace files",
   payments: "Payments",
   github: "GitHub",
   jira: "Jira",
@@ -353,6 +360,7 @@ var SERVICE_ICONS = {
   calendar: "\u{1F4C5}",
   slack: "\u{1F4AC}",
   drive: "\u{1F4C1}",
+  filesystem: "\u{1F4C2}",
   payments: "\u{1F4B3}",
   github: "\u{1F419}",
   jira: "\u{1F3AF}",
@@ -362,6 +370,7 @@ var SERVICE_ICONS = {
 var PERMISSION_DESCRIPTIONS = {
   [PERMISSION_LEVELS.Read]: "Read",
   [PERMISSION_LEVELS.Write]: "Create and modify",
+  [PERMISSION_LEVELS.Delete]: "Delete",
   [PERMISSION_LEVELS.Execute]: "Execute actions",
   [PERMISSION_LEVELS.Publish]: "Publish",
   [PERMISSION_LEVELS.Create]: "Create"
@@ -369,6 +378,7 @@ var PERMISSION_DESCRIPTIONS = {
 var PERMISSION_FULL_DESCRIPTIONS = {
   [PERMISSION_LEVELS.Read]: (serviceName) => `Read your ${serviceName}`,
   [PERMISSION_LEVELS.Write]: (serviceName) => `Create and modify ${serviceName} content`,
+  [PERMISSION_LEVELS.Delete]: (serviceName) => `Delete ${serviceName} content`,
   [PERMISSION_LEVELS.Execute]: (serviceName) => {
     if (serviceName.toLowerCase().includes("payment")) {
       return "Make purchases on your behalf";