multicorn-shield 1.3.0 → 1.3.2

package/CHANGELOG.md

@@ -9,6 +9,27 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - Bump `version` in `package.json` before publishing to npm.
 
+## [1.3.2] - 2026-05-07
+
+### Fixed
+
+- Pass action cost (USD) to the backend when logging approved and spending-blocked actions via the MCP proxy. Previously cost was computed locally for spending-limit checks but never sent to the API, causing all agent spend totals to show $0.
+- Add optional `cost` field to `ActionLogPayload` in `shield-client.ts` so OpenClaw plugin callers can include cost when it becomes available upstream.
+- Sanitise cost values extracted from tool arguments before logging (reject negative, NaN, Infinity, and values exceeding $1M).
+
+### Added
+
+- Print signup URL and API key instructions before the key prompt in the CLI wizard for new users who don't yet have an account.
+- Print dashboard URL at the end of the CLI wizard setup summary.
+- Log a one-time "First action recorded" message with dashboard link on the first approved action in both the MCP proxy and OpenClaw plugin.
+
+## [1.3.1] - 2026-05-07
+
+### Fixed
+
+- Consent screen not opening for re-created agents with the same name (stale consent marker now cleared on polling timeout)
+- One-time approvals not working in Claude Code and Windsurf hooks (hook now polls approval status instead of immediately blocking when consent marker exists)
+
 ## [1.2.0] - 2026-05-06
 
 ### Added

package/dist/multicorn-proxy.js

@@ -1724,6 +1724,16 @@ async function runInit(explicitBaseUrl) {
       apiKey = existing.apiKey;
     }
   }
+  if (apiKey.length === 0) {
+    const signupDashboardUrl = deriveDashboardUrl(resolvedBaseUrl).replace(/\/+$/, "");
+    console.log("");
+    console.log("  Multicorn Shield controls what your AI agents can do.");
+    console.log("  You need a free account to get an API key.");
+    console.log("");
+    console.log(`  1. Sign up or log in \u2192 ${signupDashboardUrl}`);
+    console.log("  2. Go to Settings \u2192 API Keys to create a key");
+    console.log("");
+  }
   while (apiKey.length === 0) {
     const input = await ask("API key (starts with mcs_): ");
     const key = input.trim();
@@ -2416,6 +2426,13 @@ You have ${String(agentsForPlatform.length)} agent(s) connected for ${selectedLa
       process.stderr.write("\n" + style.bold(style.violet("Next steps")) + "\n");
       process.stderr.write(blocks.join("") + "\n");
     }
+    const dashboardUrl = deriveDashboardUrl(resolvedBaseUrl).replace(/\/+$/, "");
+    console.log("");
+    console.log("  Your dashboard");
+    console.log(`  \u2192 ${dashboardUrl}/agents`);
+    console.log("");
+    console.log("  Use any tool in your agent to see it appear.");
+    console.log("");
   }
   return lastConfig;
 }
@@ -3012,6 +3029,7 @@ function createProxyServer(config) {
   const pendingLines = [];
   let draining = false;
   let stopped = false;
+  let hasLoggedFirstAction = false;
   async function refreshScopes() {
     if (stopped) return;
     if (agentId.length === 0) return;
@@ -3117,8 +3135,10 @@ function createProxyServer(config) {
           );
         }
       }
+      const rawCostCents = extractCostCents(toolParams.arguments);
+      const costCents = Number.isFinite(rawCostCents) && rawCostCents > 0 ? Math.min(rawCostCents, 1e8) : 0;
+      const costUsd = costCents > 0 ? costCents / 100 : void 0;
       if (spendingChecker !== null) {
-        const costCents = extractCostCents(toolParams.arguments);
         if (costCents > 0) {
           const spendResult = spendingChecker.checkSpend(costCents);
           if (!spendResult.allowed) {
@@ -3137,7 +3157,8 @@ function createProxyServer(config) {
                   agent: config.agentName,
                   service,
                   actionType: action,
-                  status: "blocked"
+                  status: "blocked",
+                  ...costUsd !== void 0 ? { cost: costUsd } : {}
                 });
                 config.logger.debug("Spending-blocked action logged.", { tool: toolParams.name });
               }
@@ -3165,9 +3186,15 @@ function createProxyServer(config) {
             agent: config.agentName,
             service,
             actionType: action,
-            status: "approved"
+            status: "approved",
+            ...costUsd !== void 0 ? { cost: costUsd } : {}
           });
           config.logger.debug("Approved action logged.", { tool: toolParams.name });
+          if (!hasLoggedFirstAction) {
+            hasLoggedFirstAction = true;
+            const dashUrl = deriveDashboardUrl(config.baseUrl).replace(/\/+$/, "");
+            config.logger.info(`First action recorded. View activity \u2192 ${dashUrl}/agents`);
+          }
         }
       }
       return null;

package/dist/multicorn-shield.js

@@ -1795,6 +1795,16 @@ async function runInit(explicitBaseUrl) {
       apiKey = existing.apiKey;
     }
   }
+  if (apiKey.length === 0) {
+    const signupDashboardUrl = deriveDashboardUrl(resolvedBaseUrl).replace(/\/+$/, "");
+    console.log("");
+    console.log("  Multicorn Shield controls what your AI agents can do.");
+    console.log("  You need a free account to get an API key.");
+    console.log("");
+    console.log(`  1. Sign up or log in \u2192 ${signupDashboardUrl}`);
+    console.log("  2. Go to Settings \u2192 API Keys to create a key");
+    console.log("");
+  }
   while (apiKey.length === 0) {
     const input = await ask("API key (starts with mcs_): ");
     const key = input.trim();
@@ -2487,6 +2497,13 @@ You have ${String(agentsForPlatform.length)} agent(s) connected for ${selectedLa
       process.stderr.write("\n" + style.bold(style.violet("Next steps")) + "\n");
       process.stderr.write(blocks.join("") + "\n");
     }
+    const dashboardUrl = deriveDashboardUrl(resolvedBaseUrl).replace(/\/+$/, "");
+    console.log("");
+    console.log("  Your dashboard");
+    console.log(`  \u2192 ${dashboardUrl}/agents`);
+    console.log("");
+    console.log("  Use any tool in your agent to see it appear.");
+    console.log("");
   }
   return lastConfig;
 }
@@ -2964,6 +2981,7 @@ function createProxyServer(config) {
   const pendingLines = [];
   let draining = false;
   let stopped = false;
+  let hasLoggedFirstAction = false;
   async function refreshScopes() {
     if (stopped) return;
     if (agentId.length === 0) return;
@@ -3069,8 +3087,10 @@ function createProxyServer(config) {
           );
         }
       }
+      const rawCostCents = extractCostCents(toolParams.arguments);
+      const costCents = Number.isFinite(rawCostCents) && rawCostCents > 0 ? Math.min(rawCostCents, 1e8) : 0;
+      const costUsd = costCents > 0 ? costCents / 100 : void 0;
       if (spendingChecker !== null) {
-        const costCents = extractCostCents(toolParams.arguments);
         if (costCents > 0) {
           const spendResult = spendingChecker.checkSpend(costCents);
           if (!spendResult.allowed) {
@@ -3089,7 +3109,8 @@ function createProxyServer(config) {
                   agent: config.agentName,
                   service,
                   actionType: action,
-                  status: "blocked"
+                  status: "blocked",
+                  ...costUsd !== void 0 ? { cost: costUsd } : {}
                 });
                 config.logger.debug("Spending-blocked action logged.", { tool: toolParams.name });
               }
@@ -3117,9 +3138,15 @@ function createProxyServer(config) {
             agent: config.agentName,
             service,
             actionType: action,
-            status: "approved"
+            status: "approved",
+            ...costUsd !== void 0 ? { cost: costUsd } : {}
           });
           config.logger.debug("Approved action logged.", { tool: toolParams.name });
+          if (!hasLoggedFirstAction) {
+            hasLoggedFirstAction = true;
+            const dashUrl = deriveDashboardUrl(config.baseUrl).replace(/\/+$/, "");
+            config.logger.info(`First action recorded. View activity \u2192 ${dashUrl}/agents`);
+          }
         }
       }
       return null;

package/dist/openclaw-plugin/multicorn-shield.js

@@ -468,6 +468,7 @@ var pluginLogger = null;
 var pluginConfig;
 var connectionLogged = false;
 var pinnedAgentName = null;
+var hasLoggedFirstAction = false;
 var SCOPE_REFRESH_INTERVAL_MS = 6e4;
 var cachedMulticornConfig = null;
 function loadMulticornConfig() {
@@ -863,6 +864,13 @@ function afterToolCall(event, ctx) {
     config.baseUrl,
     pluginLogger ?? void 0
   );
+  if (!event.error && !hasLoggedFirstAction) {
+    hasLoggedFirstAction = true;
+    const dashUrl = deriveDashboardUrl(config.baseUrl).replace(/\/+$/, "");
+    if (pluginLogger) {
+      pluginLogger.info(`First action recorded. View activity \u2192 ${dashUrl}/agents`);
+    }
+  }
   return Promise.resolve();
 }
 var plugin = {
@@ -908,6 +916,7 @@ function resetState() {
   cachedMulticornConfig = null;
   connectionLogged = false;
   pinnedAgentName = null;
+  hasLoggedFirstAction = false;
 }
 
 export { afterToolCall, beforeToolCall, plugin, readConfig, register, resetState, resolveAgentName };

package/dist/shield-extension.js

@@ -22417,7 +22417,7 @@ async function writeExtensionBackup(claudeDesktopConfigPath, mcpServers) {
 
 // package.json
 var package_default = {
-  version: "1.3.0"};
+  version: "1.3.2"};
 
 // src/package-meta.ts
 var PACKAGE_VERSION = package_default.version;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "multicorn-shield",
-  "version": "1.3.0",
+  "version": "1.3.2",
   "description": "The control layer for AI agents: permissions, consent, spending limits, and audit logging.",
   "license": "MIT",
   "author": "Multicorn AI Pty Ltd",

package/plugins/multicorn-shield/hooks/scripts/pre-tool-use.cjs

@@ -357,6 +357,17 @@ function writeConsentMarker(agentName) {
   }
 }
 
+/**
+ * @param {string} agentName
+ */
+function removeConsentMarker(agentName) {
+  try {
+    fs.unlinkSync(consentMarkerPath(agentName));
+  } catch {
+    /* ignore */
+  }
+}
+
 /**
  * @param {string} url
  */
@@ -387,33 +398,16 @@ function sleep(ms) {
 }
 
 /**
+ * Polls GET /api/v1/approvals/{id} until the approval is decided or timeout.
+ * Returns true if approved (caller should exit 0), false on error/unknown.
+ * Exits the process on denial/expiry.
+ *
  * @param {{ apiKey: string; baseUrl: string; agentName: string }} config
  * @param {string} approvalId
- * @param {string} service
- * @param {string} actionType
- * @returns {Promise<void>}
+ * @param {string} approvalsUrl
+ * @returns {Promise<boolean>}
  */
-async function handlePendingWithConsentAndPoll(
-  config,
-  approvalId,
-  service,
-  actionType,
-  approvalsUrl,
-) {
-  if (hasConsentMarker(config.agentName)) {
-    process.stderr.write(
-      `[multicorn-shield] PreToolUse: Action blocked: this action requires approval before it can run.\n` +
-        `  Grant access in the Shield dashboard and retry.\n` +
-        `  Detail: ${approvalsUrl}\n`,
-    );
-    process.exit(2);
-  }
-
-  const url = consentUrl(config.baseUrl, config.agentName, service, actionType);
-  writeConsentMarker(config.agentName);
-  openBrowser(url);
-  process.stderr.write("Opening Shield consent screen... Waiting for approval (up to 5 min).\n");
-
+async function pollApprovalStatus(config, approvalId, approvalsUrl) {
   for (let i = 0; i < MAX_APPROVAL_POLLS; i++) {
     if (i > 0) {
       await sleep(POLL_INTERVAL_MS);
@@ -438,7 +432,7 @@ async function handlePendingWithConsentAndPoll(
     const d = /** @type {Record<string, unknown>} */ (data);
     const st = String(d.status ?? "").toLowerCase();
     if (st === "approved") {
-      process.exit(0);
+      return true;
     }
     if (st === "blocked" || st === "denied" || st === "rejected") {
       const reason =
@@ -462,6 +456,60 @@ async function handlePendingWithConsentAndPoll(
       continue;
     }
   }
+  return false;
+}
+
+/**
+ * @param {{ apiKey: string; baseUrl: string; agentName: string }} config
+ * @param {string} approvalId
+ * @param {string} service
+ * @param {string} actionType
+ * @returns {Promise<void>}
+ */
+async function handlePendingWithConsentAndPoll(
+  config,
+  approvalId,
+  service,
+  actionType,
+  approvalsUrl,
+) {
+  if (hasConsentMarker(config.agentName)) {
+    // Consent was previously completed. Poll for the approval decision.
+    // If the marker is stale (agent was re-created with no permissions),
+    // the API will keep returning "pending" and we'll detect it below.
+    process.stderr.write(
+      `[multicorn-shield] PreToolUse: Waiting for approval (up to 5 min)...\n` +
+        `  Approve in the Shield dashboard: ${approvalsUrl}\n`,
+    );
+
+    const approved = await pollApprovalStatus(config, approvalId, approvalsUrl);
+    if (approved) {
+      process.exit(0);
+    }
+
+    // Timed out waiting. The consent marker may be stale (agent re-created
+    // on the server without permissions). Remove it so the next tool call
+    // triggers the consent flow instead of looping on approvals forever.
+    removeConsentMarker(config.agentName);
+
+    process.stderr.write(
+      `[multicorn-shield] PreToolUse: Action blocked: approval timed out after 5 minutes.\n` +
+        `  Approve in the Shield dashboard, then retry the tool call.\n` +
+        `  Detail: approvalsUrl=${approvalsUrl}\n`,
+    );
+    process.exit(2);
+  }
+
+  // No consent marker: first-time flow. Open the consent screen.
+  const url = consentUrl(config.baseUrl, config.agentName, service, actionType);
+  writeConsentMarker(config.agentName);
+  openBrowser(url);
+  process.stderr.write("Opening Shield consent screen... Waiting for approval (up to 5 min).\n");
+
+  const approved = await pollApprovalStatus(config, approvalId, approvalsUrl);
+  if (approved) {
+    process.exit(0);
+  }
 
   process.stderr.write(
     `[multicorn-shield] PreToolUse: Action blocked: approval timed out after 5 minutes.\n` +

package/plugins/windsurf/hooks/scripts/pre-action.cjs

@@ -400,6 +400,17 @@ function writeConsentMarker(agentName) {
   }
 }
 
+/**
+ * @param {string} agentName
+ */
+function removeConsentMarker(agentName) {
+  try {
+    fs.unlinkSync(consentMarkerPath(agentName));
+  } catch {
+    /* ignore */
+  }
+}
+
 /**
  * @param {string} url
  */
@@ -430,34 +441,16 @@ function sleep(ms) {
 }
 
 /**
+ * Polls GET /api/v1/approvals/{id} until the approval is decided or timeout.
+ * Returns true if approved, false on timeout.
+ * Exits the process on denial/expiry.
+ *
  * @param {{ apiKey: string; baseUrl: string; agentName: string }} config
  * @param {string} approvalId
- * @param {string} service
- * @param {string} actionType
  * @param {string} approvalsUrl
- * @returns {Promise<void>}
+ * @returns {Promise<boolean>}
  */
-async function handlePendingWithConsentAndPoll(
-  config,
-  approvalId,
-  service,
-  actionType,
-  approvalsUrl,
-) {
-  if (hasConsentMarker(config.agentName)) {
-    process.stderr.write(
-      `${LOG_PREFIX} Action blocked: this action requires approval before it can run.\n` +
-        `  Grant access in the Shield dashboard and retry.\n` +
-        `  Detail: ${approvalsUrl}\n`,
-    );
-    process.exit(2);
-  }
-
-  const url = consentUrl(config.baseUrl, config.agentName, service, actionType);
-  writeConsentMarker(config.agentName);
-  openBrowser(url);
-  process.stderr.write("Opening Shield consent screen... Waiting for approval (up to 5 min).\n");
-
+async function pollApprovalStatus(config, approvalId, approvalsUrl) {
   for (let i = 0; i < MAX_APPROVAL_POLLS; i++) {
     if (i > 0) {
       await sleep(POLL_INTERVAL_MS);
@@ -482,7 +475,7 @@ async function handlePendingWithConsentAndPoll(
     const d = /** @type {Record<string, unknown>} */ (data);
     const st = String(d.status ?? "").toLowerCase();
     if (st === "approved") {
-      process.exit(0);
+      return true;
     }
     if (st === "blocked" || st === "denied" || st === "rejected") {
       const reason =
@@ -506,6 +499,57 @@ async function handlePendingWithConsentAndPoll(
       continue;
     }
   }
+  return false;
+}
+
+/**
+ * @param {{ apiKey: string; baseUrl: string; agentName: string }} config
+ * @param {string} approvalId
+ * @param {string} service
+ * @param {string} actionType
+ * @param {string} approvalsUrl
+ * @returns {Promise<void>}
+ */
+async function handlePendingWithConsentAndPoll(
+  config,
+  approvalId,
+  service,
+  actionType,
+  approvalsUrl,
+) {
+  if (hasConsentMarker(config.agentName)) {
+    // Consent was previously completed. Poll for the approval decision.
+    process.stderr.write(
+      `${LOG_PREFIX} Waiting for approval (up to 5 min)...\n` +
+        `  Approve in the Shield dashboard: ${approvalsUrl}\n`,
+    );
+
+    const approved = await pollApprovalStatus(config, approvalId, approvalsUrl);
+    if (approved) {
+      process.exit(0);
+    }
+
+    // Timed out. Remove stale consent marker so next call triggers consent flow.
+    removeConsentMarker(config.agentName);
+
+    process.stderr.write(
+      `${LOG_PREFIX} Action blocked: approval timed out after 5 minutes.\n` +
+        `  Approve in the Shield dashboard, then retry.\n` +
+        `  Detail: approvalsUrl=${approvalsUrl}\n`,
+    );
+    process.exit(2);
+  }
+
+  // No consent marker: first-time flow. Open the consent screen.
+  const url = consentUrl(config.baseUrl, config.agentName, service, actionType);
+  writeConsentMarker(config.agentName);
+  openBrowser(url);
+  process.stderr.write("Opening Shield consent screen... Waiting for approval (up to 5 min).\n");
+
+  const approved = await pollApprovalStatus(config, approvalId, approvalsUrl);
+  if (approved) {
+    process.exit(0);
+  }
 
   process.stderr.write(
     `${LOG_PREFIX} Action blocked: approval timed out after 5 minutes.\n` +