multicorn-shield 1.2.0 → 1.3.1

package/dist/openclaw-plugin/multicorn-shield.js

@@ -42,9 +42,9 @@ var TOOL_MAP = {
   slack_read: { service: "slack", permissionLevel: "read" },
   slack_message: { service: "slack", permissionLevel: "write" },
   // Payments
-  payments: { service: "payments", permissionLevel: "execute" },
-  payment: { service: "payments", permissionLevel: "execute" },
-  stripe: { service: "payments", permissionLevel: "execute" }
+  payments: { service: "payments", permissionLevel: "write" },
+  payment: { service: "payments", permissionLevel: "write" },
+  stripe: { service: "payments", permissionLevel: "write" }
 };
 function isDestructiveExecCommand(command) {
   const destructiveCommands = ["rm", "mv", "sudo", "chmod", "chown", "dd", "truncate", "shred"];

package/dist/shield-extension.js

@@ -8,6 +8,7 @@ import 'stream';
 import { spawn } from 'child_process';
 import { createHash } from 'crypto';
 import 'url';
+import 'module';
 import 'readline';
 
 // Multicorn Shield Claude Desktop Extension - https://multicorn.ai
@@ -22260,54 +22261,48 @@ function getClaudeDesktopConfigPath() {
   }
 }
 var INIT_WIZARD_PLATFORM_REGISTRY = [
-  { slug: "openclaw", displayName: "OpenClaw", section: "native", detectable: true },
-  { slug: "claude-code", displayName: "Claude Code", section: "native", detectable: true },
-  { slug: "windsurf", displayName: "Windsurf", section: "native", detectable: true },
-  { slug: "cline", displayName: "Cline", section: "native", detectable: false },
-  { slug: "gemini-cli", displayName: "Gemini CLI", section: "native", detectable: false },
+  { slug: "openclaw", displayName: "OpenClaw", section: "native" },
+  { slug: "claude-code", displayName: "Claude Code", section: "native" },
+  { slug: "windsurf", displayName: "Windsurf", section: "native" },
+  { slug: "cline", displayName: "Cline", section: "native" },
+  { slug: "gemini-cli", displayName: "Gemini CLI", section: "native" },
   {
     slug: "cursor",
     displayName: "Cursor",
     section: "hosted",
-    prereqUrl: "https://www.cursor.com/downloads",
-    detectable: true
+    prereqUrl: "https://www.cursor.com/downloads"
   },
   {
     slug: "claude-desktop",
     displayName: "Claude Desktop",
     section: "hosted",
-    prereqUrl: "https://claude.ai/download",
-    detectable: false
+    prereqUrl: "https://claude.ai/download"
   },
   {
     slug: "github-copilot",
     displayName: "GitHub Copilot",
     section: "hosted",
-    prereqUrl: "https://docs.github.com/en/copilot/get-started",
-    detectable: false
+    prereqUrl: "https://docs.github.com/en/copilot/get-started"
   },
   {
     slug: "kilo-code",
     displayName: "Kilo Code",
     section: "hosted",
-    prereqUrl: "https://kilocode.ai/docs/getting-started",
-    detectable: false
+    prereqUrl: "https://kilocode.ai/docs/getting-started"
   },
   {
     slug: "continue-dev",
     displayName: "Continue",
     section: "hosted",
-    prereqUrl: "https://docs.continue.dev/ide-extensions/install",
-    detectable: false
+    prereqUrl: "https://docs.continue.dev/ide-extensions/install"
   },
   {
     slug: "goose",
     displayName: "Goose",
     section: "hosted",
-    prereqUrl: "https://goose-docs.ai/docs/quickstart/",
-    detectable: false
+    prereqUrl: "https://goose-docs.ai/docs/quickstart/"
   },
-  { slug: "other-mcp", displayName: "Local MCP / Other", section: "hosted", detectable: false }
+  { slug: "other-mcp", displayName: "Local MCP / Other", section: "hosted" }
 ];
 (() => {
   const itemsFor = (section) => INIT_WIZARD_PLATFORM_REGISTRY.filter((e) => e.section === section).map((e) => ({
@@ -22422,7 +22417,7 @@ async function writeExtensionBackup(claudeDesktopConfigPath, mcpServers) {
 
 // package.json
 var package_default = {
-  version: "1.2.0"};
+  version: "1.3.1"};
 
 // src/package-meta.ts
 var PACKAGE_VERSION = package_default.version;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "multicorn-shield",
-  "version": "1.2.0",
+  "version": "1.3.1",
   "description": "The control layer for AI agents: permissions, consent, spending limits, and audit logging.",
   "license": "MIT",
   "author": "Multicorn AI Pty Ltd",
@@ -36,6 +36,7 @@
   },
   "files": [
     "dist",
+    "plugins/multicorn-shield",
     "plugins/windsurf",
     "plugins/cline",
     "plugins/gemini-cli",

package/plugins/multicorn-shield/.claude-plugin/plugin.json

@@ -0,0 +1,8 @@
+{
+  "name": "multicorn-shield",
+  "description": "Agent governance plugin for Claude Code. Intercepts tool calls via PreToolUse hooks, enforces permissions, spending limits, and maintains audit trails.",
+  "author": {
+    "name": "Multicorn AI",
+    "email": "hello@multicorn.ai"
+  }
+}

package/plugins/multicorn-shield/hooks/hooks.json

@@ -0,0 +1,26 @@
+{
+  "hooks": {
+    "PreToolUse": [
+      {
+        "matcher": "",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node \"${CLAUDE_PLUGIN_ROOT}/hooks/scripts/pre-tool-use.cjs\""
+          }
+        ]
+      }
+    ],
+    "PostToolUse": [
+      {
+        "matcher": "",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node \"${CLAUDE_PLUGIN_ROOT}/hooks/scripts/post-tool-use.cjs\""
+          }
+        ]
+      }
+    ]
+  }
+}

package/plugins/multicorn-shield/hooks/scripts/claude-code-tool-map.cjs

@@ -0,0 +1,138 @@
+"use strict";
+
+// AUTO-GENERATED from src/hooks/claude-code-tool-map.ts — do not edit manually. Run pnpm build from the package root to regenerate.
+
+// src/openclaw/tool-mapper.ts
+var TOOL_MAP = {
+  // OpenClaw built-in tools
+  read: { service: "filesystem", permissionLevel: "read" },
+  write: { service: "filesystem", permissionLevel: "write" },
+  edit: { service: "filesystem", permissionLevel: "write" },
+  exec: { service: "terminal", permissionLevel: "execute" },
+  browser: { service: "browser", permissionLevel: "execute" },
+  message: { service: "messaging", permissionLevel: "write" },
+  process: { service: "terminal", permissionLevel: "execute" },
+  sessions_spawn: { service: "agents", permissionLevel: "execute" },
+  // Common integration tools (MCP servers, skills, etc.)
+  // Gmail
+  gmail: { service: "gmail", permissionLevel: "execute" },
+  gmail_send: { service: "gmail", permissionLevel: "write" },
+  gmail_read: { service: "gmail", permissionLevel: "read" },
+  // Google Calendar
+  google_calendar: { service: "google_calendar", permissionLevel: "execute" },
+  calendar: { service: "google_calendar", permissionLevel: "execute" },
+  calendar_create: { service: "google_calendar", permissionLevel: "write" },
+  calendar_read: { service: "google_calendar", permissionLevel: "read" },
+  // Google Drive
+  google_drive: { service: "google_drive", permissionLevel: "execute" },
+  drive: { service: "google_drive", permissionLevel: "execute" },
+  drive_read: { service: "google_drive", permissionLevel: "read" },
+  drive_write: { service: "google_drive", permissionLevel: "write" },
+  // Slack
+  slack: { service: "slack", permissionLevel: "execute" },
+  slack_send: { service: "slack", permissionLevel: "write" },
+  slack_read: { service: "slack", permissionLevel: "read" },
+  slack_message: { service: "slack", permissionLevel: "write" },
+  // Payments
+  payments: { service: "payments", permissionLevel: "write" },
+  payment: { service: "payments", permissionLevel: "write" },
+  stripe: { service: "payments", permissionLevel: "write" },
+};
+function isDestructiveExecCommand(command) {
+  const destructiveCommands = ["rm", "mv", "sudo", "chmod", "chown", "dd", "truncate", "shred"];
+  const normalized = command.toLowerCase();
+  return destructiveCommands.some((destructive) => normalized.includes(destructive));
+}
+function mapToolToScope(toolName, command) {
+  const normalized = toolName.trim().toLowerCase();
+  if (normalized.length === 0) {
+    return { service: "unknown", permissionLevel: "execute" };
+  }
+  const known = TOOL_MAP[normalized];
+  if (known !== void 0) {
+    return known;
+  }
+  const integrationPrefixes = {
+    gmail: "gmail",
+    google_calendar: "google_calendar",
+    calendar: "google_calendar",
+    google_drive: "google_drive",
+    drive: "google_drive",
+    slack: "slack",
+    payments: "payments",
+    payment: "payments",
+    stripe: "payments",
+  };
+  for (const [prefix, service] of Object.entries(integrationPrefixes)) {
+    if (normalized.startsWith(prefix + "_") || normalized === prefix) {
+      let permissionLevel = "execute";
+      if (
+        normalized.includes("_read") ||
+        normalized.includes("_get") ||
+        normalized.includes("_list")
+      ) {
+        permissionLevel = "read";
+      } else if (
+        normalized.includes("_write") ||
+        normalized.includes("_send") ||
+        normalized.includes("_create") ||
+        normalized.includes("_update") ||
+        normalized.includes("_delete")
+      ) {
+        permissionLevel = "write";
+      }
+      return { service, permissionLevel };
+    }
+  }
+  return { service: normalized, permissionLevel: "execute" };
+}
+
+// src/hooks/claude-code-tool-map.ts
+function extractExecCommand(toolInput) {
+  if (toolInput === void 0 || toolInput === null) {
+    return void 0;
+  }
+  if (typeof toolInput === "string") {
+    try {
+      return extractExecCommand(JSON.parse(toolInput));
+    } catch {
+      process.stderr.write("Shield: failed to parse tool input as JSON, using raw string\n");
+      return toolInput;
+    }
+  }
+  if (typeof toolInput === "object") {
+    const o = toolInput;
+    const c = o["command"] ?? o["cmd"];
+    if (typeof c === "string") {
+      return c;
+    }
+  }
+  return void 0;
+}
+function mapClaudeCodeToolToShield(toolName, toolInput) {
+  const n = toolName.trim().toLowerCase();
+  if (n.length === 0) {
+    return { service: "unknown", actionType: "execute" };
+  }
+  if (n === "bash" || n === "shell") {
+    const cmd = extractExecCommand(toolInput);
+    if (cmd !== void 0 && isDestructiveExecCommand(cmd)) {
+      return { service: "terminal", actionType: "write" };
+    }
+    return { service: "terminal", actionType: "execute" };
+  }
+  if (n === "glob" || n === "grep") {
+    return { service: "filesystem", actionType: "read" };
+  }
+  if (n === "webfetch") {
+    return { service: "web", actionType: "read" };
+  }
+  if (n === "task") {
+    return { service: "subagent", actionType: "execute" };
+  }
+  const scope = mapToolToScope(n);
+  return { service: scope.service, actionType: scope.permissionLevel };
+}
+
+exports.extractExecCommand = extractExecCommand;
+exports.mapClaudeCodeToolToShield = mapClaudeCodeToolToShield;

package/plugins/multicorn-shield/hooks/scripts/post-tool-use.cjs

@@ -0,0 +1,253 @@
+/**
+ * Claude Code PostToolUse hook: logs completed tool calls to Shield (audit trail).
+ * Never blocks; always exit 0.
+ *
+ * Tool mapping: see `./claude-code-tool-map.cjs` (built from `src/hooks/claude-code-tool-map.ts`).
+ */
+
+"use strict";
+
+const fs = require("node:fs");
+const http = require("node:http");
+const https = require("node:https");
+const os = require("node:os");
+const path = require("node:path");
+
+const { mapClaudeCodeToolToShield } = require("./claude-code-tool-map.cjs");
+
+const AUTH_HEADER = "X-Multicorn-Key";
+
+/**
+ * @returns {Promise<string>}
+ */
+function readStdin() {
+  return new Promise((resolve, reject) => {
+    const chunks = [];
+    process.stdin.setEncoding("utf8");
+    process.stdin.on("data", (c) => chunks.push(c));
+    process.stdin.on("end", () => resolve(chunks.join("")));
+    process.stdin.on("error", reject);
+  });
+}
+
+// Agent resolution for Claude Code (duplicated in pre-tool-use.cjs).
+/**
+ * @param {string} cwdResolved
+ * @param {string} workspacePath
+ * @returns {boolean}
+ */
+function cwdUnderWorkspacePath(cwdResolved, workspacePath) {
+  const w = path.resolve(workspacePath);
+  if (cwdResolved === w) return true;
+  const prefix = w.endsWith(path.sep) ? w : w + path.sep;
+  return cwdResolved.startsWith(prefix);
+}
+
+/**
+ * @param {Record<string, unknown>} obj
+ * @returns {string}
+ */
+function resolveClaudeCodeAgentName(obj) {
+  const cwdRaw =
+    process.env.PWD !== undefined && String(process.env.PWD).length > 0
+      ? process.env.PWD
+      : process.cwd();
+  const agents = obj.agents;
+  const defaultAgentRaw = obj.defaultAgent;
+  const defaultAgentName =
+    typeof defaultAgentRaw === "string" && defaultAgentRaw.length > 0 ? defaultAgentRaw : "";
+
+  if (!Array.isArray(agents)) {
+    return typeof obj.agentName === "string" ? obj.agentName : "";
+  }
+
+  const matches = [];
+  for (const entry of agents) {
+    if (
+      entry &&
+      typeof entry === "object" &&
+      /** @type {{ platform?: string; name?: string; workspacePath?: string }} */ (entry)
+        .platform === "claude-code" &&
+      typeof (/** @type {{ name?: string }} */ (entry).name) === "string"
+    ) {
+      matches.push(/** @type {{ name: string; workspacePath?: string }} */ (entry));
+    }
+  }
+
+  if (matches.length === 0) {
+    return typeof obj.agentName === "string" ? obj.agentName : "";
+  }
+
+  const withWs = matches.filter(
+    (m) => typeof m.workspacePath === "string" && m.workspacePath.length > 0,
+  );
+  const resolvedCwd = path.resolve(cwdRaw);
+  let best = null;
+  let bestLen = -1;
+  for (const m of withWs) {
+    if (!cwdUnderWorkspacePath(resolvedCwd, /** @type {string} */ (m.workspacePath))) continue;
+    const len = path.resolve(/** @type {string} */ (m.workspacePath)).length;
+    if (len > bestLen) {
+      bestLen = len;
+      best = m;
+    }
+  }
+  if (best !== null) {
+    return best.name;
+  }
+  if (defaultAgentName.length > 0) {
+    const d = matches.find((m) => m.name === defaultAgentName);
+    if (d !== undefined) return d.name;
+  }
+  return matches[0].name;
+}
+
+/**
+ * @returns {{ apiKey: string; baseUrl: string; agentName: string } | null}
+ */
+function loadConfig() {
+  try {
+    const configPath = path.join(os.homedir(), ".multicorn", "config.json");
+    const raw = fs.readFileSync(configPath, "utf8");
+    const obj = JSON.parse(raw);
+    const apiKey = typeof obj.apiKey === "string" ? obj.apiKey : "";
+    const baseUrl =
+      typeof obj.baseUrl === "string" && obj.baseUrl.length > 0
+        ? obj.baseUrl.replace(/\/+$/, "")
+        : "https://api.multicorn.ai";
+    const agentName = resolveClaudeCodeAgentName(obj);
+    return { apiKey, baseUrl, agentName };
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * @param {string} urlString
+ * @param {string} apiKey
+ * @param {Record<string, unknown>} bodyObj
+ * @returns {Promise<void>}
+ */
+function postJson(baseUrl, apiKey, bodyObj) {
+  return new Promise((resolve, reject) => {
+    let u;
+    try {
+      const root = String(baseUrl).replace(/\/+$/, "");
+      u = new URL(`${root}/api/v1/actions`);
+    } catch (e) {
+      reject(e);
+      return;
+    }
+    const payload = JSON.stringify(bodyObj);
+    const isHttps = u.protocol === "https:";
+    const lib = isHttps ? https : http;
+    const port = u.port || (isHttps ? 443 : 80);
+    const options = {
+      hostname: u.hostname,
+      port,
+      path: u.pathname + u.search,
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "Content-Length": Buffer.byteLength(payload, "utf8"),
+        [AUTH_HEADER]: apiKey,
+      },
+    };
+    const req = lib.request(options, (res) => {
+      res.resume();
+      res.on("end", () => resolve());
+    });
+    req.on("error", reject);
+    req.write(payload);
+    req.end();
+  });
+}
+
+async function main() {
+  let raw;
+  try {
+    raw = await readStdin();
+  } catch {
+    process.exit(0);
+  }
+
+  const config = loadConfig();
+  if (config === null || config.apiKey.length === 0 || config.agentName.length === 0) {
+    process.exit(0);
+  }
+
+  /** @type {Record<string, unknown>} */
+  let hookPayload;
+  try {
+    hookPayload = JSON.parse(raw.length > 0 ? raw : "{}");
+  } catch {
+    process.exit(0);
+  }
+
+  const toolNameRaw =
+    (typeof hookPayload.tool_name === "string" && hookPayload.tool_name) ||
+    (typeof hookPayload.toolName === "string" && hookPayload.toolName) ||
+    "";
+  const toolInput =
+    hookPayload.tool_input !== undefined ? hookPayload.tool_input : hookPayload.toolInput;
+  const toolResult =
+    hookPayload.tool_result !== undefined
+      ? hookPayload.tool_result
+      : hookPayload.toolResult !== undefined
+        ? hookPayload.toolResult
+        : undefined;
+
+  let toolInputSerialized;
+  let toolResultSerialized;
+  try {
+    toolInputSerialized =
+      typeof toolInput === "string"
+        ? toolInput
+        : JSON.stringify(toolInput === undefined ? null : toolInput);
+    toolResultSerialized =
+      typeof toolResult === "string"
+        ? toolResult
+        : JSON.stringify(toolResult === undefined ? null : toolResult);
+  } catch {
+    process.exit(0);
+  }
+
+  const { service, actionType } = mapClaudeCodeToolToShield(toolNameRaw, toolInput);
+
+  /** @type {Record<string, unknown>} */
+  const metadata = {
+    tool_name: toolNameRaw,
+    tool_input: toolInputSerialized,
+    tool_result: toolResultSerialized,
+    source: "claude-code",
+  };
+
+  /** @type {Record<string, unknown>} */
+  const payload = {
+    agent: config.agentName,
+    service,
+    actionType,
+    status: "approved",
+    metadata,
+    platform: "claude-code",
+  };
+
+  try {
+    await postJson(config.baseUrl, config.apiKey, payload);
+  } catch (e) {
+    const msg = e instanceof Error ? e.message : String(e);
+    process.stderr.write(
+      `[multicorn-shield] PostToolUse: Warning: failed to log action to Shield audit trail.\n  Detail: ${msg}\n`,
+    );
+  }
+
+  process.exit(0);
+}
+
+main().catch((e) => {
+  const msg = e instanceof Error ? e.message : String(e);
+  process.stderr.write(
+    `[multicorn-shield] PostToolUse: Warning: failed to log action to Shield audit trail.\n  Detail: ${msg}\n`,
+  );
+  process.exit(0);
+});