multicorn-shield 1.3.0 → 1.3.1

package/CHANGELOG.md

@@ -9,6 +9,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - Bump `version` in `package.json` before publishing to npm.
 
+## [1.3.1] - 2026-05-07
+
+### Fixed
+
+- Consent screen not opening for re-created agents with the same name (stale consent marker now cleared on polling timeout)
+- One-time approvals not working in Claude Code and Windsurf hooks (hook now polls approval status instead of immediately blocking when consent marker exists)
+
 ## [1.2.0] - 2026-05-06
 
 ### Added

package/dist/shield-extension.js

@@ -22417,7 +22417,7 @@ async function writeExtensionBackup(claudeDesktopConfigPath, mcpServers) {
 
 // package.json
 var package_default = {
-  version: "1.3.0"};
+  version: "1.3.1"};
 
 // src/package-meta.ts
 var PACKAGE_VERSION = package_default.version;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "multicorn-shield",
-  "version": "1.3.0",
+  "version": "1.3.1",
   "description": "The control layer for AI agents: permissions, consent, spending limits, and audit logging.",
   "license": "MIT",
   "author": "Multicorn AI Pty Ltd",

package/plugins/multicorn-shield/hooks/scripts/pre-tool-use.cjs

@@ -357,6 +357,17 @@ function writeConsentMarker(agentName) {
   }
 }
 
+/**
+ * @param {string} agentName
+ */
+function removeConsentMarker(agentName) {
+  try {
+    fs.unlinkSync(consentMarkerPath(agentName));
+  } catch {
+    /* ignore */
+  }
+}
+
 /**
  * @param {string} url
  */
@@ -387,33 +398,16 @@ function sleep(ms) {
 }
 
 /**
+ * Polls GET /api/v1/approvals/{id} until the approval is decided or timeout.
+ * Returns true if approved (caller should exit 0), false on error/unknown.
+ * Exits the process on denial/expiry.
+ *
  * @param {{ apiKey: string; baseUrl: string; agentName: string }} config
  * @param {string} approvalId
- * @param {string} service
- * @param {string} actionType
- * @returns {Promise<void>}
+ * @param {string} approvalsUrl
+ * @returns {Promise<boolean>}
  */
-async function handlePendingWithConsentAndPoll(
-  config,
-  approvalId,
-  service,
-  actionType,
-  approvalsUrl,
-) {
-  if (hasConsentMarker(config.agentName)) {
-    process.stderr.write(
-      `[multicorn-shield] PreToolUse: Action blocked: this action requires approval before it can run.\n` +
-        `  Grant access in the Shield dashboard and retry.\n` +
-        `  Detail: ${approvalsUrl}\n`,
-    );
-    process.exit(2);
-  }
-
-  const url = consentUrl(config.baseUrl, config.agentName, service, actionType);
-  writeConsentMarker(config.agentName);
-  openBrowser(url);
-  process.stderr.write("Opening Shield consent screen... Waiting for approval (up to 5 min).\n");
-
+async function pollApprovalStatus(config, approvalId, approvalsUrl) {
   for (let i = 0; i < MAX_APPROVAL_POLLS; i++) {
     if (i > 0) {
       await sleep(POLL_INTERVAL_MS);
@@ -438,7 +432,7 @@ async function handlePendingWithConsentAndPoll(
     const d = /** @type {Record<string, unknown>} */ (data);
     const st = String(d.status ?? "").toLowerCase();
     if (st === "approved") {
-      process.exit(0);
+      return true;
     }
     if (st === "blocked" || st === "denied" || st === "rejected") {
       const reason =
@@ -462,6 +456,60 @@ async function handlePendingWithConsentAndPoll(
       continue;
     }
   }
+  return false;
+}
+
+/**
+ * @param {{ apiKey: string; baseUrl: string; agentName: string }} config
+ * @param {string} approvalId
+ * @param {string} service
+ * @param {string} actionType
+ * @returns {Promise<void>}
+ */
+async function handlePendingWithConsentAndPoll(
+  config,
+  approvalId,
+  service,
+  actionType,
+  approvalsUrl,
+) {
+  if (hasConsentMarker(config.agentName)) {
+    // Consent was previously completed. Poll for the approval decision.
+    // If the marker is stale (agent was re-created with no permissions),
+    // the API will keep returning "pending" and we'll detect it below.
+    process.stderr.write(
+      `[multicorn-shield] PreToolUse: Waiting for approval (up to 5 min)...\n` +
+        `  Approve in the Shield dashboard: ${approvalsUrl}\n`,
+    );
+
+    const approved = await pollApprovalStatus(config, approvalId, approvalsUrl);
+    if (approved) {
+      process.exit(0);
+    }
+
+    // Timed out waiting. The consent marker may be stale (agent re-created
+    // on the server without permissions). Remove it so the next tool call
+    // triggers the consent flow instead of looping on approvals forever.
+    removeConsentMarker(config.agentName);
+
+    process.stderr.write(
+      `[multicorn-shield] PreToolUse: Action blocked: approval timed out after 5 minutes.\n` +
+        `  Approve in the Shield dashboard, then retry the tool call.\n` +
+        `  Detail: approvalsUrl=${approvalsUrl}\n`,
+    );
+    process.exit(2);
+  }
+
+  // No consent marker: first-time flow. Open the consent screen.
+  const url = consentUrl(config.baseUrl, config.agentName, service, actionType);
+  writeConsentMarker(config.agentName);
+  openBrowser(url);
+  process.stderr.write("Opening Shield consent screen... Waiting for approval (up to 5 min).\n");
+
+  const approved = await pollApprovalStatus(config, approvalId, approvalsUrl);
+  if (approved) {
+    process.exit(0);
+  }
 
   process.stderr.write(
     `[multicorn-shield] PreToolUse: Action blocked: approval timed out after 5 minutes.\n` +

package/plugins/windsurf/hooks/scripts/pre-action.cjs

@@ -400,6 +400,17 @@ function writeConsentMarker(agentName) {
   }
 }
 
+/**
+ * @param {string} agentName
+ */
+function removeConsentMarker(agentName) {
+  try {
+    fs.unlinkSync(consentMarkerPath(agentName));
+  } catch {
+    /* ignore */
+  }
+}
+
 /**
  * @param {string} url
  */
@@ -430,34 +441,16 @@ function sleep(ms) {
 }
 
 /**
+ * Polls GET /api/v1/approvals/{id} until the approval is decided or timeout.
+ * Returns true if approved, false on timeout.
+ * Exits the process on denial/expiry.
+ *
  * @param {{ apiKey: string; baseUrl: string; agentName: string }} config
  * @param {string} approvalId
- * @param {string} service
- * @param {string} actionType
  * @param {string} approvalsUrl
- * @returns {Promise<void>}
+ * @returns {Promise<boolean>}
  */
-async function handlePendingWithConsentAndPoll(
-  config,
-  approvalId,
-  service,
-  actionType,
-  approvalsUrl,
-) {
-  if (hasConsentMarker(config.agentName)) {
-    process.stderr.write(
-      `${LOG_PREFIX} Action blocked: this action requires approval before it can run.\n` +
-        `  Grant access in the Shield dashboard and retry.\n` +
-        `  Detail: ${approvalsUrl}\n`,
-    );
-    process.exit(2);
-  }
-
-  const url = consentUrl(config.baseUrl, config.agentName, service, actionType);
-  writeConsentMarker(config.agentName);
-  openBrowser(url);
-  process.stderr.write("Opening Shield consent screen... Waiting for approval (up to 5 min).\n");
-
+async function pollApprovalStatus(config, approvalId, approvalsUrl) {
   for (let i = 0; i < MAX_APPROVAL_POLLS; i++) {
     if (i > 0) {
       await sleep(POLL_INTERVAL_MS);
@@ -482,7 +475,7 @@ async function handlePendingWithConsentAndPoll(
     const d = /** @type {Record<string, unknown>} */ (data);
     const st = String(d.status ?? "").toLowerCase();
     if (st === "approved") {
-      process.exit(0);
+      return true;
     }
     if (st === "blocked" || st === "denied" || st === "rejected") {
       const reason =
@@ -506,6 +499,57 @@ async function handlePendingWithConsentAndPoll(
       continue;
     }
   }
+  return false;
+}
+
+/**
+ * @param {{ apiKey: string; baseUrl: string; agentName: string }} config
+ * @param {string} approvalId
+ * @param {string} service
+ * @param {string} actionType
+ * @param {string} approvalsUrl
+ * @returns {Promise<void>}
+ */
+async function handlePendingWithConsentAndPoll(
+  config,
+  approvalId,
+  service,
+  actionType,
+  approvalsUrl,
+) {
+  if (hasConsentMarker(config.agentName)) {
+    // Consent was previously completed. Poll for the approval decision.
+    process.stderr.write(
+      `${LOG_PREFIX} Waiting for approval (up to 5 min)...\n` +
+        `  Approve in the Shield dashboard: ${approvalsUrl}\n`,
+    );
+
+    const approved = await pollApprovalStatus(config, approvalId, approvalsUrl);
+    if (approved) {
+      process.exit(0);
+    }
+
+    // Timed out. Remove stale consent marker so next call triggers consent flow.
+    removeConsentMarker(config.agentName);
+
+    process.stderr.write(
+      `${LOG_PREFIX} Action blocked: approval timed out after 5 minutes.\n` +
+        `  Approve in the Shield dashboard, then retry.\n` +
+        `  Detail: approvalsUrl=${approvalsUrl}\n`,
+    );
+    process.exit(2);
+  }
+
+  // No consent marker: first-time flow. Open the consent screen.
+  const url = consentUrl(config.baseUrl, config.agentName, service, actionType);
+  writeConsentMarker(config.agentName);
+  openBrowser(url);
+  process.stderr.write("Opening Shield consent screen... Waiting for approval (up to 5 min).\n");
+
+  const approved = await pollApprovalStatus(config, approvalId, approvalsUrl);
+  if (approved) {
+    process.exit(0);
+  }
 
   process.stderr.write(
     `${LOG_PREFIX} Action blocked: approval timed out after 5 minutes.\n` +