npm - multicorn-shield - Versions diffs - 1.3.1 → 1.3.2 - Mend

multicorn-shield 1.3.1 → 1.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/CHANGELOG.md +14 -0
package/dist/multicorn-proxy.js +30 -3
package/dist/multicorn-shield.js +30 -3
package/dist/openclaw-plugin/multicorn-shield.js +9 -0
package/dist/shield-extension.js +1 -1
package/package.json +1 -1

package/CHANGELOG.md CHANGED Viewed

@@ -9,6 +9,20 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Bump `version` in `package.json` before publishing to npm.
+## [1.3.2] - 2026-05-07
+### Fixed
+- Pass action cost (USD) to the backend when logging approved and spending-blocked actions via the MCP proxy. Previously cost was computed locally for spending-limit checks but never sent to the API, causing all agent spend totals to show $0.
+- Add optional `cost` field to `ActionLogPayload` in `shield-client.ts` so OpenClaw plugin callers can include cost when it becomes available upstream.
+- Sanitise cost values extracted from tool arguments before logging (reject negative, NaN, Infinity, and values exceeding $1M).
+### Added
+- Print signup URL and API key instructions before the key prompt in the CLI wizard for new users who don't yet have an account.
+- Print dashboard URL at the end of the CLI wizard setup summary.
+- Log a one-time "First action recorded" message with dashboard link on the first approved action in both the MCP proxy and OpenClaw plugin.
 ## [1.3.1] - 2026-05-07
 ### Fixed

package/dist/multicorn-proxy.js CHANGED Viewed

@@ -1724,6 +1724,16 @@ async function runInit(explicitBaseUrl) {
       apiKey = existing.apiKey;
     }
   }
+  if (apiKey.length === 0) {
+    const signupDashboardUrl = deriveDashboardUrl(resolvedBaseUrl).replace(/\/+$/, "");
+    console.log("");
+    console.log("  Multicorn Shield controls what your AI agents can do.");
+    console.log("  You need a free account to get an API key.");
+    console.log("");
+    console.log(`  1. Sign up or log in \u2192 ${signupDashboardUrl}`);
+    console.log("  2. Go to Settings \u2192 API Keys to create a key");
+    console.log("");
+  }
   while (apiKey.length === 0) {
     const input = await ask("API key (starts with mcs_): ");
     const key = input.trim();
@@ -2416,6 +2426,13 @@ You have ${String(agentsForPlatform.length)} agent(s) connected for ${selectedLa
       process.stderr.write("\n" + style.bold(style.violet("Next steps")) + "\n");
       process.stderr.write(blocks.join("") + "\n");
     }
+    const dashboardUrl = deriveDashboardUrl(resolvedBaseUrl).replace(/\/+$/, "");
+    console.log("");
+    console.log("  Your dashboard");
+    console.log(`  \u2192 ${dashboardUrl}/agents`);
+    console.log("");
+    console.log("  Use any tool in your agent to see it appear.");
+    console.log("");
   }
   return lastConfig;
 }
@@ -3012,6 +3029,7 @@ function createProxyServer(config) {
   const pendingLines = [];
   let draining = false;
   let stopped = false;
+  let hasLoggedFirstAction = false;
   async function refreshScopes() {
     if (stopped) return;
     if (agentId.length === 0) return;
@@ -3117,8 +3135,10 @@ function createProxyServer(config) {
           );
         }
       }
+      const rawCostCents = extractCostCents(toolParams.arguments);
+      const costCents = Number.isFinite(rawCostCents) && rawCostCents > 0 ? Math.min(rawCostCents, 1e8) : 0;
+      const costUsd = costCents > 0 ? costCents / 100 : void 0;
       if (spendingChecker !== null) {
-        const costCents = extractCostCents(toolParams.arguments);
         if (costCents > 0) {
           const spendResult = spendingChecker.checkSpend(costCents);
           if (!spendResult.allowed) {
@@ -3137,7 +3157,8 @@ function createProxyServer(config) {
                   agent: config.agentName,
                   service,
                   actionType: action,
-                  status: "blocked"
+                  status: "blocked",
+                  ...costUsd !== void 0 ? { cost: costUsd } : {}
                 });
                 config.logger.debug("Spending-blocked action logged.", { tool: toolParams.name });
               }
@@ -3165,9 +3186,15 @@ function createProxyServer(config) {
             agent: config.agentName,
             service,
             actionType: action,
-            status: "approved"
+            status: "approved",
+            ...costUsd !== void 0 ? { cost: costUsd } : {}
           });
           config.logger.debug("Approved action logged.", { tool: toolParams.name });
+          if (!hasLoggedFirstAction) {
+            hasLoggedFirstAction = true;
+            const dashUrl = deriveDashboardUrl(config.baseUrl).replace(/\/+$/, "");
+            config.logger.info(`First action recorded. View activity \u2192 ${dashUrl}/agents`);
+          }
         }
       }
       return null;

package/dist/multicorn-shield.js CHANGED Viewed

@@ -1795,6 +1795,16 @@ async function runInit(explicitBaseUrl) {
       apiKey = existing.apiKey;
     }
   }
+  if (apiKey.length === 0) {
+    const signupDashboardUrl = deriveDashboardUrl(resolvedBaseUrl).replace(/\/+$/, "");
+    console.log("");
+    console.log("  Multicorn Shield controls what your AI agents can do.");
+    console.log("  You need a free account to get an API key.");
+    console.log("");
+    console.log(`  1. Sign up or log in \u2192 ${signupDashboardUrl}`);
+    console.log("  2. Go to Settings \u2192 API Keys to create a key");
+    console.log("");
+  }
   while (apiKey.length === 0) {
     const input = await ask("API key (starts with mcs_): ");
     const key = input.trim();
@@ -2487,6 +2497,13 @@ You have ${String(agentsForPlatform.length)} agent(s) connected for ${selectedLa
       process.stderr.write("\n" + style.bold(style.violet("Next steps")) + "\n");
       process.stderr.write(blocks.join("") + "\n");
     }
+    const dashboardUrl = deriveDashboardUrl(resolvedBaseUrl).replace(/\/+$/, "");
+    console.log("");
+    console.log("  Your dashboard");
+    console.log(`  \u2192 ${dashboardUrl}/agents`);
+    console.log("");
+    console.log("  Use any tool in your agent to see it appear.");
+    console.log("");
   }
   return lastConfig;
 }
@@ -2964,6 +2981,7 @@ function createProxyServer(config) {
   const pendingLines = [];
   let draining = false;
   let stopped = false;
+  let hasLoggedFirstAction = false;
   async function refreshScopes() {
     if (stopped) return;
     if (agentId.length === 0) return;
@@ -3069,8 +3087,10 @@ function createProxyServer(config) {
           );
         }
       }
+      const rawCostCents = extractCostCents(toolParams.arguments);
+      const costCents = Number.isFinite(rawCostCents) && rawCostCents > 0 ? Math.min(rawCostCents, 1e8) : 0;
+      const costUsd = costCents > 0 ? costCents / 100 : void 0;
       if (spendingChecker !== null) {
-        const costCents = extractCostCents(toolParams.arguments);
         if (costCents > 0) {
           const spendResult = spendingChecker.checkSpend(costCents);
           if (!spendResult.allowed) {
@@ -3089,7 +3109,8 @@ function createProxyServer(config) {
                   agent: config.agentName,
                   service,
                   actionType: action,
-                  status: "blocked"
+                  status: "blocked",
+                  ...costUsd !== void 0 ? { cost: costUsd } : {}
                 });
                 config.logger.debug("Spending-blocked action logged.", { tool: toolParams.name });
               }
@@ -3117,9 +3138,15 @@ function createProxyServer(config) {
             agent: config.agentName,
             service,
             actionType: action,
-            status: "approved"
+            status: "approved",
+            ...costUsd !== void 0 ? { cost: costUsd } : {}
           });
           config.logger.debug("Approved action logged.", { tool: toolParams.name });
+          if (!hasLoggedFirstAction) {
+            hasLoggedFirstAction = true;
+            const dashUrl = deriveDashboardUrl(config.baseUrl).replace(/\/+$/, "");
+            config.logger.info(`First action recorded. View activity \u2192 ${dashUrl}/agents`);
+          }
         }
       }
       return null;

package/dist/openclaw-plugin/multicorn-shield.js CHANGED Viewed

@@ -468,6 +468,7 @@ var pluginLogger = null;
 var pluginConfig;
 var connectionLogged = false;
 var pinnedAgentName = null;
+var hasLoggedFirstAction = false;
 var SCOPE_REFRESH_INTERVAL_MS = 6e4;
 var cachedMulticornConfig = null;
 function loadMulticornConfig() {
@@ -863,6 +864,13 @@ function afterToolCall(event, ctx) {
     config.baseUrl,
     pluginLogger ?? void 0
   );
+  if (!event.error && !hasLoggedFirstAction) {
+    hasLoggedFirstAction = true;
+    const dashUrl = deriveDashboardUrl(config.baseUrl).replace(/\/+$/, "");
+    if (pluginLogger) {
+      pluginLogger.info(`First action recorded. View activity \u2192 ${dashUrl}/agents`);
+    }
+  }
   return Promise.resolve();
 }
 var plugin = {
@@ -908,6 +916,7 @@ function resetState() {
   cachedMulticornConfig = null;
   connectionLogged = false;
   pinnedAgentName = null;
+  hasLoggedFirstAction = false;
 }
 export { afterToolCall, beforeToolCall, plugin, readConfig, register, resetState, resolveAgentName };

package/dist/shield-extension.js CHANGED Viewed

@@ -22417,7 +22417,7 @@ async function writeExtensionBackup(claudeDesktopConfigPath, mcpServers) {
 // package.json
 var package_default = {
-  version: "1.3.1"};
+  version: "1.3.2"};
 // src/package-meta.ts
 var PACKAGE_VERSION = package_default.version;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "multicorn-shield",
-  "version": "1.3.1",
+  "version": "1.3.2",
   "description": "The control layer for AI agents: permissions, consent, spending limits, and audit logging.",
   "license": "MIT",
   "author": "Multicorn AI Pty Ltd",