npm - multicorn-shield - Versions diffs - 1.11.0 → 1.11.1 - Mend

multicorn-shield 1.11.0 → 1.11.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/CHANGELOG.md +7 -0
package/dist/multicorn-proxy.js +100 -12
package/dist/multicorn-shield.js +95 -11
package/dist/server.js +3499 -0
package/dist/shield-extension.js +1 -1
package/package.json +2 -2

package/CHANGELOG.md CHANGED Viewed

@@ -9,6 +9,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Bump `version` in `package.json` before publishing to npm.
+## [Unreleased]
+### Fixed
+- The local proxy server entry is now resolved by locating the multicorn-shield package root rather than a fixed relative climb, so `files` works from source, bundled dist, and npm installs.
 ## [1.11.0] - 2026-06-18
 ### Added
@@ -25,6 +31,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Fixed
+- `files` now starts the local proxy by spawning the bundled `dist/server.js` entry directly (with `PORT`, `SHIELD_API_BASE_URL`, and `ALLOW_PRIVATE_TARGETS`), instead of invoking the deprecated `multicorn-proxy` CLI alias. First-run setup works when no proxy is already listening on the port.
 - Pinned transitive dependencies (`path-to-regexp`, `ws`, `hono`) via `pnpm.overrides` to clear high-severity audit advisories pulled in by `supergateway` and the MCP SDK.
 ## [1.10.0] - 2026-06-09

package/dist/multicorn-proxy.js CHANGED Viewed

@@ -5062,7 +5062,7 @@ var init_package = __esm({
   "package.json"() {
     package_default = {
       name: "multicorn-shield",
-      version: "1.11.0",
+      version: "1.11.1",
       description: "The control layer for AI agents: permissions, consent, spending limits, and audit logging.",
       license: "MIT",
       author: "Multicorn AI Pty Ltd",
@@ -5122,7 +5122,7 @@ var init_package = __esm({
         node: ">=20"
       },
       scripts: {
-        build: "tsup",
+        build: "tsup && node scripts/stage-local-proxy-server.mjs",
         dev: "tsup --watch",
         lint: "eslint . --no-warn-ignored && prettier --check .",
         "lint:fix": "eslint --fix . --no-warn-ignored && prettier --write .",
@@ -5251,6 +5251,94 @@ var init_package_meta = __esm({
     PACKAGE_VERSION = package_default.version;
   }
 });
+function findMulticornShieldPackageRoot(moduleDir = dirname(fileURLToPath(import.meta.url))) {
+  let current = moduleDir;
+  for (; ; ) {
+    const pkgPath = join(current, "package.json");
+    if (existsSync(pkgPath)) {
+      try {
+        const pkg = JSON.parse(readFileSync(pkgPath, "utf8"));
+        if (pkg.name === "multicorn-shield") {
+          return current;
+        }
+      } catch {
+      }
+    }
+    const parent = dirname(current);
+    if (parent === current) {
+      break;
+    }
+    current = parent;
+  }
+  try {
+    const req = createRequire(import.meta.url);
+    return dirname(req.resolve("multicorn-shield/package.json"));
+  } catch {
+    throw new Error(NOT_FOUND_MESSAGE);
+  }
+}
+function resolveLocalProxyServerEntry(options) {
+  const moduleDir = dirname(fileURLToPath(import.meta.url));
+  const candidates = [
+    join(findMulticornShieldPackageRoot(moduleDir), "dist", "server.js")
+  ];
+  try {
+    const req = createRequire(import.meta.url);
+    const proxyRoot = dirname(req.resolve("multicorn-proxy/package.json"));
+    candidates.unshift(join(proxyRoot, "dist", "server.js"));
+  } catch {
+  }
+  for (const path of candidates) {
+    if (existsSync(path)) return path;
+  }
+  throw new Error(NOT_FOUND_MESSAGE);
+}
+function buildLocalProxySpawnEnv(port, apiBaseUrl) {
+  return {
+    PORT: String(port),
+    HOST: "127.0.0.1",
+    SHIELD_API_BASE_URL: apiBaseUrl,
+    ALLOW_PRIVATE_TARGETS: "true"
+  };
+}
+function buildLocalProxySpawnCommand(port, apiBaseUrl, execPath = process.execPath, serverEntryPath = resolveLocalProxyServerEntry()) {
+  const env = buildLocalProxySpawnEnv(port, apiBaseUrl);
+  return {
+    executable: execPath,
+    args: [serverEntryPath],
+    env,
+    serverEntryPath
+  };
+}
+function readProxyLogTail(logPath, maxBytes = 8e3) {
+  try {
+    const content = readFileSync(logPath, "utf8");
+    if (content.length <= maxBytes) return content;
+    return content.slice(-maxBytes);
+  } catch {
+    return "";
+  }
+}
+function formatLocalProxyStartError(port, logPath, childExited, exitCode) {
+  const logTail = readProxyLogTail(logPath);
+  const reason = childExited ? `Proxy process exited early${exitCode === null ? "" : ` (code ${String(exitCode)})`}.` : `Proxy did not become ready on port ${String(port)} within the timeout.`;
+  let message = `Could not start the local proxy on port ${String(port)}. ${reason}`;
+  message += logTail.length > 0 ? `
+Output from ${logPath}:
+${logTail.trimEnd()}` : `
+See ${logPath} for details.`;
+  return message;
+}
+var LOCAL_PROXY_READY_POLL_MS, LOCAL_PROXY_READY_MAX_POLLS, NOT_FOUND_MESSAGE;
+var init_local_proxy_start = __esm({
+  "src/commands/local-proxy-start.ts"() {
+    LOCAL_PROXY_READY_POLL_MS = 500;
+    LOCAL_PROXY_READY_MAX_POLLS = 30;
+    NOT_FOUND_MESSAGE = "Local proxy server entry (dist/server.js) not found. Reinstall multicorn-shield or run pnpm build.";
+  }
+});
 function pidfilePath(agent) {
   return join(PIDFILE_DIR, `files-${agent}.pid`);
 }
@@ -5537,19 +5625,17 @@ function startLocalProxyDetached(port, apiBaseUrl) {
   const logFile = join(PIDFILE_DIR, "proxy.log");
   const out = openSync(logFile, "a");
   const err = openSync(logFile, "a");
-  const child = spawn("npx", ["multicorn-proxy"], {
+  const { executable, args, env: proxyEnv } = buildLocalProxySpawnCommand(port, apiBaseUrl);
+  const child = spawn(executable, [...args], {
     stdio: ["ignore", out, err],
     detached: true,
     env: {
       ...process.env,
-      PORT: String(port),
-      HOST: "127.0.0.1",
-      SHIELD_API_BASE_URL: apiBaseUrl,
+      ...proxyEnv
       // SAFETY: blanket-allow for private targets is acceptable ONLY because
       // this is a local single-user proxy. The only registered target is the
       // filesystem server on the same machine. Do NOT copy this pattern to a
       // multi-tenant or hosted proxy deployment.
-      ALLOW_PRIVATE_TARGETS: "true"
     }
   });
   child.unref();
@@ -5573,9 +5659,11 @@ async function ensureProxy(proxyPort, apiBaseUrl) {
       `A server is already running on port ${String(proxyPort)} but it's not a healthy Shield proxy. Stop it or re-run with --proxy-port <n>.`
     );
   }
+  const logFile = join(PIDFILE_DIR, "proxy.log");
   const child = startLocalProxyDetached(proxyPort, apiBaseUrl);
-  for (let i = 0; i < 30; i++) {
-    await sleep3(500);
+  for (let i = 0; i < LOCAL_PROXY_READY_MAX_POLLS; i++) {
+    await sleep3(LOCAL_PROXY_READY_POLL_MS);
+    if (child.exitCode !== null || child.signalCode !== null) break;
     if (await probeProxyHealth(proxyPort)) {
       if (child.pid !== void 0) {
         writeJsonFile(PROXY_REGISTRY, { pid: child.pid, port: proxyPort });
@@ -5587,9 +5675,8 @@ async function ensureProxy(proxyPort, apiBaseUrl) {
     if (child.pid !== void 0) killWithEscalation(child.pid, true);
   } catch {
   }
-  throw new Error(
-    `Could not start the local proxy on port ${String(proxyPort)}. Check the log at ${join(PIDFILE_DIR, "proxy.log")}.`
-  );
+  const childExited = child.exitCode !== null || child.signalCode !== null;
+  throw new Error(formatLocalProxyStartError(proxyPort, logFile, childExited, child.exitCode));
 }
 async function ensureFsServer(realDir, requestedPort) {
   const reg = readFsRegistry();
@@ -6196,6 +6283,7 @@ var DEFAULT_FS_PORT, DEFAULT_PROXY_PORT, PIDFILE_DIR, PROXY_REGISTRY, FS_REGISTR
 var init_files = __esm({
   "src/commands/files.ts"() {
     init_config();
+    init_local_proxy_start();
     DEFAULT_FS_PORT = 3005;
     DEFAULT_PROXY_PORT = 3001;
     PIDFILE_DIR = process.env["MULTICORN_HOME"] ?? join(homedir(), ".multicorn");

package/dist/multicorn-shield.js CHANGED Viewed

@@ -4985,10 +4985,95 @@ async function restoreClaudeDesktopMcpFromBackup() {
 // package.json
 var package_default = {
-  version: "1.11.0"};
+  version: "1.11.1"};
 // src/package-meta.ts
 var PACKAGE_VERSION = package_default.version;
+var LOCAL_PROXY_READY_POLL_MS = 500;
+var LOCAL_PROXY_READY_MAX_POLLS = 30;
+var NOT_FOUND_MESSAGE = "Local proxy server entry (dist/server.js) not found. Reinstall multicorn-shield or run pnpm build.";
+function findMulticornShieldPackageRoot(moduleDir = dirname(fileURLToPath(import.meta.url))) {
+  let current = moduleDir;
+  for (; ; ) {
+    const pkgPath = join(current, "package.json");
+    if (existsSync(pkgPath)) {
+      try {
+        const pkg = JSON.parse(readFileSync(pkgPath, "utf8"));
+        if (pkg.name === "multicorn-shield") {
+          return current;
+        }
+      } catch {
+      }
+    }
+    const parent = dirname(current);
+    if (parent === current) {
+      break;
+    }
+    current = parent;
+  }
+  try {
+    const req = createRequire(import.meta.url);
+    return dirname(req.resolve("multicorn-shield/package.json"));
+  } catch {
+    throw new Error(NOT_FOUND_MESSAGE);
+  }
+}
+function resolveLocalProxyServerEntry(options) {
+  const moduleDir = dirname(fileURLToPath(import.meta.url));
+  const candidates = [
+    join(findMulticornShieldPackageRoot(moduleDir), "dist", "server.js")
+  ];
+  try {
+    const req = createRequire(import.meta.url);
+    const proxyRoot = dirname(req.resolve("multicorn-proxy/package.json"));
+    candidates.unshift(join(proxyRoot, "dist", "server.js"));
+  } catch {
+  }
+  for (const path of candidates) {
+    if (existsSync(path)) return path;
+  }
+  throw new Error(NOT_FOUND_MESSAGE);
+}
+function buildLocalProxySpawnEnv(port, apiBaseUrl) {
+  return {
+    PORT: String(port),
+    HOST: "127.0.0.1",
+    SHIELD_API_BASE_URL: apiBaseUrl,
+    ALLOW_PRIVATE_TARGETS: "true"
+  };
+}
+function buildLocalProxySpawnCommand(port, apiBaseUrl, execPath = process.execPath, serverEntryPath = resolveLocalProxyServerEntry()) {
+  const env = buildLocalProxySpawnEnv(port, apiBaseUrl);
+  return {
+    executable: execPath,
+    args: [serverEntryPath],
+    env,
+    serverEntryPath
+  };
+}
+function readProxyLogTail(logPath, maxBytes = 8e3) {
+  try {
+    const content = readFileSync(logPath, "utf8");
+    if (content.length <= maxBytes) return content;
+    return content.slice(-maxBytes);
+  } catch {
+    return "";
+  }
+}
+function formatLocalProxyStartError(port, logPath, childExited, exitCode) {
+  const logTail = readProxyLogTail(logPath);
+  const reason = childExited ? `Proxy process exited early${exitCode === null ? "" : ` (code ${String(exitCode)})`}.` : `Proxy did not become ready on port ${String(port)} within the timeout.`;
+  let message = `Could not start the local proxy on port ${String(port)}. ${reason}`;
+  message += logTail.length > 0 ? `
+Output from ${logPath}:
+${logTail.trimEnd()}` : `
+See ${logPath} for details.`;
+  return message;
+}
+// src/commands/files.ts
 var DEFAULT_FS_PORT = 3005;
 var DEFAULT_PROXY_PORT = 3001;
 var PIDFILE_DIR = process.env["MULTICORN_HOME"] ?? join(homedir(), ".multicorn");
@@ -5290,19 +5375,17 @@ function startLocalProxyDetached(port, apiBaseUrl) {
   const logFile = join(PIDFILE_DIR, "proxy.log");
   const out = openSync(logFile, "a");
   const err = openSync(logFile, "a");
-  const child = spawn("npx", ["multicorn-proxy"], {
+  const { executable, args, env: proxyEnv } = buildLocalProxySpawnCommand(port, apiBaseUrl);
+  const child = spawn(executable, [...args], {
     stdio: ["ignore", out, err],
     detached: true,
     env: {
       ...process.env,
-      PORT: String(port),
-      HOST: "127.0.0.1",
-      SHIELD_API_BASE_URL: apiBaseUrl,
+      ...proxyEnv
       // SAFETY: blanket-allow for private targets is acceptable ONLY because
       // this is a local single-user proxy. The only registered target is the
       // filesystem server on the same machine. Do NOT copy this pattern to a
       // multi-tenant or hosted proxy deployment.
-      ALLOW_PRIVATE_TARGETS: "true"
     }
   });
   child.unref();
@@ -5326,9 +5409,11 @@ async function ensureProxy(proxyPort, apiBaseUrl) {
       `A server is already running on port ${String(proxyPort)} but it's not a healthy Shield proxy. Stop it or re-run with --proxy-port <n>.`
     );
   }
+  const logFile = join(PIDFILE_DIR, "proxy.log");
   const child = startLocalProxyDetached(proxyPort, apiBaseUrl);
-  for (let i = 0; i < 30; i++) {
-    await sleep3(500);
+  for (let i = 0; i < LOCAL_PROXY_READY_MAX_POLLS; i++) {
+    await sleep3(LOCAL_PROXY_READY_POLL_MS);
+    if (child.exitCode !== null || child.signalCode !== null) break;
     if (await probeProxyHealth(proxyPort)) {
       if (child.pid !== void 0) {
         writeJsonFile(PROXY_REGISTRY, { pid: child.pid, port: proxyPort });
@@ -5340,9 +5425,8 @@ async function ensureProxy(proxyPort, apiBaseUrl) {
     if (child.pid !== void 0) killWithEscalation(child.pid, true);
   } catch {
   }
-  throw new Error(
-    `Could not start the local proxy on port ${String(proxyPort)}. Check the log at ${join(PIDFILE_DIR, "proxy.log")}.`
-  );
+  const childExited = child.exitCode !== null || child.signalCode !== null;
+  throw new Error(formatLocalProxyStartError(proxyPort, logFile, childExited, child.exitCode));
 }
 async function ensureFsServer(realDir, requestedPort) {
   const reg = readFsRegistry();