multicorn-shield 1.4.0 → 1.6.0

package/CHANGELOG.md

@@ -9,6 +9,35 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - Bump `version` in `package.json` before publishing to npm.
 
+## [1.5.0] - 2026-05-10
+
+### Added
+
+- Claude Code promotion note when selecting Cursor in the CLI
+- Example usage prompt in CLI "Next steps" output
+- `--version` flag prints version number and exits
+- Consent-required errors now display a clear multi-line message with the approval URL on its own line
+
+### Changed
+
+- Auth prompt detects token pasted at the y/N confirmation and treats it as the token value directly
+- Single-item arrow select skips the interactive picker and selects immediately
+- Blocked response message reformatted for clarity
+
+### Fixed
+
+- Hosted proxy blocks `.well-known` OAuth discovery probes to prevent `mcp-remote` entering OAuth mode
+
+## [1.4.1] - 2026-05-09
+
+### Changed
+
+- Upstream auth prompt accepts a raw API token (`Bearer` added automatically) or a full Authorization-style value (`Bearer`, `Basic`, `Token`, `ApiKey` prefixes are passed through unchanged)
+
+### Fixed
+
+- CLI replace flow no longer shows duplicate agent entries
+
 ## [1.4.0] - 2026-05-08
 
 ### Added

package/dist/multicorn-proxy.js

@@ -420,6 +420,17 @@ function stripAnsi(str) {
 function normalizeAgentName(raw) {
   return raw.toLowerCase().replace(/\s+/g, "-").replace(/[^a-z0-9-]/g, "").replace(/-{2,}/g, "-").replace(/^-+|-+$/g, "").slice(0, 50);
 }
+function formatUpstreamAuthorizationBearerHeader(raw) {
+  const t = raw.trim();
+  if (t.length === 0) return void 0;
+  if (UPSTREAM_AUTH_KNOWN_SCHEME_WITH_PAYLOAD.test(t)) {
+    return t;
+  }
+  if (/^(Bearer|Basic|Token|ApiKey)$/i.test(t)) {
+    return void 0;
+  }
+  return `Bearer ${t}`;
+}
 function isErrnoException(e) {
   return typeof e === "object" && e !== null && "code" in e;
 }
@@ -1400,6 +1411,12 @@ async function promptWindsurfIntegrationMode(ask) {
   return choice === 1 ? "native" : "hosted";
 }
 async function arrowSelect(options, ask, fallbackLabel) {
+  if (options.length === 1) {
+    const only = options[0] ?? "";
+    process.stderr.write(`${style.violet("\u276F")} ${style.cyan(only)}
+`);
+    return 0;
+  }
   const canRaw = process.stdin.isTTY && typeof process.stdin.setRawMode === "function";
   if (!canRaw) {
     for (let i = 0; i < options.length; i++) {
@@ -1452,7 +1469,7 @@ async function arrowSelect(options, ask, fallbackLabel) {
         cleanup();
         clearLines();
         const chosen = options.at(idx);
-        if (chosen !== void 0) {
+        if (chosen !== void 0 && options.length > 1) {
           process.stderr.write(`${style.violet("\u276F")} ${style.cyan(chosen)}
 `);
         }
@@ -1534,12 +1551,12 @@ async function promptProxyConfig(ask, agentName) {
   let upstreamHeaders;
   if (wantsAuth) {
     process.stderr.write(
-      "\n" + style.bold("Enter the Authorization header value.") + "\n" + style.dim("  For Bearer tokens: Bearer ghp_xxxxxxxxxxxx") + "\n" + style.dim("  For API keys:      Bearer sk-xxxxxxxxxxxx") + "\n"
+      "\n" + style.bold("Enter your API token or full Authorization header value.") + "\n" + style.dim("  Bearer tokens: ghp_xxxxxxxxxxxx (Bearer is added automatically)") + "\n" + style.dim("  Other schemes:  Basic dXNlcjpwYXNz (passed as-is)") + "\n"
     );
     const headerVal = await ask("Value: ");
-    const trimmed = headerVal.trim();
-    if (trimmed.length > 0) {
-      upstreamHeaders = { Authorization: trimmed };
+    const authHeader = formatUpstreamAuthorizationBearerHeader(headerVal);
+    if (authHeader !== void 0) {
+      upstreamHeaders = { Authorization: authHeader };
     }
   }
   return {
@@ -2064,7 +2081,7 @@ function printPlatformSnippet(platform, routingToken, shortName, apiKey) {
   }
 }
 function agentDisplayNameDedupeKey(name) {
-  return name.trim().toLowerCase();
+  return name.trim().normalize("NFKC").toLowerCase();
 }
 function normalizeAgentEntryForMerge(a) {
   const name = a.name.trim();
@@ -2291,6 +2308,9 @@ You have ${String(agentsForPlatform.length)} agent(s) connected for ${selectedLa
         const victim = agentsForPlatform[replaceIdx];
         if (victim !== void 0) {
           removeAgentNameBeforeSave = victim.name;
+          process.stderr.write(
+            "\n" + style.dim("Replacing agent ") + style.cyan(victim.name) + style.dim("...") + "\n"
+          );
         }
       }
     }
@@ -2799,6 +2819,14 @@ You have ${String(agentsForPlatform.length)} agent(s) connected for ${selectedLa
   }
   rl.close();
   if (configuredAgents.length > 0) {
+    let mcpPromptLabel2 = function(platformSlug) {
+      const rows = configuredAgents.filter((a) => a.platform === platformSlug);
+      const last = rows[rows.length - 1];
+      if (last === void 0) return "shield-mcp";
+      const s = typeof last.shortName === "string" ? last.shortName.trim() : "";
+      if (s.length > 0) return s;
+      return last.agentName.trim().length > 0 ? last.agentName.trim() : "shield-mcp";
+    };
     process.stderr.write("\n" + style.bold(style.violet("Setup complete")) + "\n\n");
     for (const agent of configuredAgents) {
       const namePart = agent.agentName.length > 0 ? ` - ${style.cyan(agent.agentName)}` : "";
@@ -2822,13 +2850,15 @@ You have ${String(agentsForPlatform.length)} agent(s) connected for ${selectedLa
       );
     }
     if (configuredPlatforms.has("claude-desktop")) {
+      const cdLabel = mcpPromptLabel2("claude-desktop");
       blocks.push(
-        "\n" + style.bold("Claude Desktop") + "\n  \u2192 Restart Claude Desktop to pick up config changes\n  \u2192 Try it: make a request in Claude Desktop - Shield will intercept the first tool call and ask for your consent\n"
+        "\n" + style.bold("Claude Desktop") + '\n  \u2192 Restart Claude Desktop to load the updated configuration\n  \u2192 Confirm connection: click your profile (bottom-left) \u2192 Settings \u2192 Developer\n    Check that "' + cdLabel + '" shows a green "running" status\n  \u2192 Try it: paste this into Claude Desktop:\n    "Use the ' + cdLabel + ' MCP server to list my GitHub repositories"\n'
       );
     }
     if (configuredPlatforms.has("cursor")) {
+      const cursorLabel = mcpPromptLabel2("cursor");
       blocks.push(
-        "\n" + style.bold("Cursor") + "\n  \u2192 If needed, download Cursor from " + style.cyan("https://www.cursor.com/downloads") + "\n  \u2192 Restart Cursor so it loads the MCP server\n  \u2192 Try it: make a request in Cursor - Shield will intercept the first tool call and ask for your consent\n"
+        "\n" + style.bold("Cursor") + "\n  \u2192 If needed, download Cursor from " + style.cyan("https://www.cursor.com/downloads") + '\n  \u2192 Restart Cursor so it loads the MCP server\n  \u2192 Confirm connection: open Settings \u2192 Tools & MCPs\n    Check that "' + cursorLabel + '" shows a green status indicator\n  \u2192 Try it: paste this into Cursor:\n    "Use the ' + cursorLabel + ' MCP server to list my GitHub repositories"\n'
       );
     }
     if (configuredPlatforms.has("kilo-code")) {
@@ -2918,7 +2948,7 @@ You have ${String(agentsForPlatform.length)} agent(s) connected for ${selectedLa
   }
   return lastConfig;
 }
-var SECRET_JSON_FILE_OPTIONS, style, BANNER, NativePluginPrerequisiteMissingError, CONFIG_DIR, CONFIG_PATH, OPENCLAW_CONFIG_PATH, ANSI_PATTERN, OPENCLAW_MIN_VERSION, INIT_WIZARD_PLATFORM_REGISTRY, INIT_WIZARD_MENU_SECTIONS, INIT_WIZARD_SELECTION_MAX, PLATFORM_BY_SELECTION, HOSTED_PROXY_PLATFORMS_WITH_URL_KEY, DEFAULT_SHIELD_API_BASE_URL;
+var SECRET_JSON_FILE_OPTIONS, style, BANNER, NativePluginPrerequisiteMissingError, CONFIG_DIR, CONFIG_PATH, OPENCLAW_CONFIG_PATH, ANSI_PATTERN, UPSTREAM_AUTH_KNOWN_SCHEME_WITH_PAYLOAD, OPENCLAW_MIN_VERSION, INIT_WIZARD_PLATFORM_REGISTRY, INIT_WIZARD_MENU_SECTIONS, INIT_WIZARD_SELECTION_MAX, PLATFORM_BY_SELECTION, HOSTED_PROXY_PLATFORMS_WITH_URL_KEY, DEFAULT_SHIELD_API_BASE_URL;
 var init_config = __esm({
   "src/proxy/config.ts"() {
     init_consent();
@@ -2950,6 +2980,7 @@ var init_config = __esm({
     CONFIG_PATH = join(CONFIG_DIR, "config.json");
     OPENCLAW_CONFIG_PATH = join(homedir(), ".openclaw", "openclaw.json");
     ANSI_PATTERN = new RegExp(String.fromCharCode(27) + "\\[[0-9;]*[a-zA-Z]", "g");
+    UPSTREAM_AUTH_KNOWN_SCHEME_WITH_PAYLOAD = /^(Bearer|Basic|Token|ApiKey)(\s+)(.+)$/is;
     OPENCLAW_MIN_VERSION = "2026.2.26";
     INIT_WIZARD_PLATFORM_REGISTRY = [
       { slug: "openclaw", displayName: "OpenClaw", section: "native" },
@@ -3415,9 +3446,13 @@ function extractToolCallParams(request) {
   if (typeof args !== "object" || args === null) return null;
   return { name, arguments: args };
 }
-function buildBlockedResponse(id, service, permissionLevel, dashboardUrl) {
+function buildBlockedResponse(id, service, _permissionLevel, dashboardUrl) {
   const displayService = capitalize(service);
-  const message = `Action blocked by Multicorn Shield: agent does not have ${permissionLevel} access to ${displayService}. Configure permissions at ${dashboardUrl}`;
+  const message = `Action blocked by Shield
+
+This agent cannot use ${displayService}.
+
+Configure permissions: ${dashboardUrl}`;
   return {
     jsonrpc: "2.0",
     id,
@@ -3951,6 +3986,192 @@ var init_restore = __esm({
   }
 });
 
+// package.json
+var package_default;
+var init_package = __esm({
+  "package.json"() {
+    package_default = {
+      name: "multicorn-shield",
+      version: "1.6.0",
+      description: "The control layer for AI agents: permissions, consent, spending limits, and audit logging.",
+      license: "MIT",
+      author: "Multicorn AI Pty Ltd",
+      type: "module",
+      main: "./dist/index.cjs",
+      module: "./dist/index.js",
+      types: "./dist/index.d.ts",
+      exports: {
+        ".": {
+          import: {
+            types: "./dist/index.d.ts",
+            default: "./dist/index.js"
+          },
+          require: {
+            types: "./dist/index.d.cts",
+            default: "./dist/index.cjs"
+          }
+        },
+        "./proxy": {
+          import: {
+            types: "./dist/proxy.d.ts",
+            default: "./dist/proxy.js"
+          },
+          require: {
+            types: "./dist/proxy.d.cts",
+            default: "./dist/proxy.cjs"
+          }
+        }
+      },
+      bin: {
+        "multicorn-shield": "./dist/multicorn-shield.js",
+        "multicorn-proxy": "./dist/multicorn-proxy.js"
+      },
+      files: [
+        "dist",
+        "plugins/multicorn-shield",
+        "plugins/windsurf",
+        "plugins/cline",
+        "plugins/gemini-cli",
+        "LICENSE",
+        "README.md",
+        "CHANGELOG.md"
+      ],
+      publishConfig: {
+        access: "public",
+        provenance: true
+      },
+      sideEffects: [
+        "dist/index.js",
+        "dist/index.cjs",
+        "dist/badge.js",
+        "src/badge/multicorn-badge.ts"
+      ],
+      engines: {
+        node: ">=20"
+      },
+      scripts: {
+        build: "tsup",
+        dev: "tsup --watch",
+        lint: "eslint . --no-warn-ignored && prettier --check .",
+        "lint:fix": "eslint --fix . --no-warn-ignored && prettier --write .",
+        test: "vitest run",
+        "test:watch": "vitest",
+        "test:coverage": "vitest run --coverage",
+        typecheck: "tsc --noEmit",
+        docs: "typedoc",
+        clean: "rm -rf dist coverage docs/api extension-pack",
+        "stage-extension-pack": "rm -rf extension-pack && mkdir -p extension-pack/server && cp manifest.json extension-pack/ && cp icon.png extension-pack/ && cp dist/shield-extension.js extension-pack/server/index.js",
+        "validate:extension": "pnpm run stage-extension-pack && mcpb validate extension-pack/manifest.json",
+        "build:extension": "tsup",
+        "pack:extension": "pnpm run build && pnpm run stage-extension-pack && mcpb validate extension-pack/manifest.json && mcpb pack extension-pack dist/multicorn-shield.mcpb",
+        size: "size-limit",
+        prepublishOnly: "pnpm run clean && pnpm run typecheck && pnpm run lint && pnpm run test && pnpm run build",
+        prepare: "husky || true",
+        "release:patch": "npm version patch && pnpm publish",
+        "release:minor": "npm version minor && pnpm publish",
+        "release:major": "npm version major && pnpm publish"
+      },
+      "lint-staged": {
+        "*.ts": [
+          "eslint --fix --no-warn-ignored",
+          "prettier --write"
+        ],
+        "*.{json,md}": [
+          "prettier --write"
+        ]
+      },
+      dependencies: {
+        "@modelcontextprotocol/sdk": "^1.27.1",
+        lit: "^3.2.0",
+        zod: "^4.3.6"
+      },
+      devDependencies: {
+        "@anthropic-ai/mcpb": "^2.1.2",
+        "@eslint/js": "^9.19.0",
+        "@open-wc/testing-helpers": "^3.0.1",
+        "@size-limit/file": "^11.1.6",
+        "@types/node": "^22.0.0",
+        "@vitest/coverage-v8": "^3.0.5",
+        eslint: "^9.19.0",
+        "eslint-config-prettier": "^10.0.1",
+        "eslint-plugin-unicorn": "^57.0.0",
+        globals: "^15.14.0",
+        husky: "^9.1.7",
+        jiti: "^2.4.2",
+        jsdom: "^25.0.1",
+        "lint-staged": "^16.2.7",
+        prettier: "^3.4.2",
+        "size-limit": "^11.1.6",
+        tsup: "^8.3.6",
+        typedoc: "^0.28.17",
+        typescript: "^5.7.3",
+        "typescript-eslint": "^8.22.0",
+        vite: "^7.3.2",
+        vitest: "^3.0.5"
+      },
+      "size-limit": [
+        {
+          path: "dist/index.js",
+          limit: "50 kB",
+          gzip: true
+        },
+        {
+          path: "dist/index.cjs",
+          limit: "50 kB",
+          gzip: true
+        },
+        {
+          path: "dist/badge.js",
+          limit: "5 kB",
+          gzip: true
+        }
+      ],
+      keywords: [
+        "ai",
+        "agents",
+        "permissions",
+        "sdk",
+        "typescript",
+        "consent",
+        "spending-limits",
+        "audit-log",
+        "mcp",
+        "shield",
+        "multicorn"
+      ],
+      repository: {
+        type: "git",
+        url: "git+https://github.com/Multicorn-AI/multicorn-shield.git"
+      },
+      bugs: {
+        url: "https://github.com/Multicorn-AI/multicorn-shield/issues"
+      },
+      homepage: "https://multicorn.ai",
+      pnpm: {
+        overrides: {
+          vite: ">=7.3.2",
+          flatted: ">=3.4.2",
+          minimatch: ">=10.2.3",
+          rollup: ">=4.59.0",
+          picomatch: ">=4.0.4",
+          "path-to-regexp": ">=8.4.0",
+          "node-forge": ">=1.4.0",
+          "fast-uri": ">=3.1.2"
+        }
+      }
+    };
+  }
+});
+
+// src/package-meta.ts
+var PACKAGE_VERSION;
+var init_package_meta = __esm({
+  "src/package-meta.ts"() {
+    init_package();
+    PACKAGE_VERSION = package_default.version;
+  }
+});
+
 // bin/multicorn-shield.ts
 var multicorn_shield_exports = {};
 __export(multicorn_shield_exports, {
@@ -4109,6 +4330,7 @@ function printHelp() {
       "      Shield's permission layer.",
       "",
       "Options:",
+      "  --version, -v        Print version and exit",
       "  --verbose, --debug   Print extra diagnostics during init (menu selection, agent counts)",
       "  --api-key <key>       Multicorn API key (overrides MULTICORN_API_KEY env var and config file)",
       "  --log-level <level>   Log level: debug | info | warn | error  (default: info)",
@@ -4133,6 +4355,11 @@ async function runCli() {
     );
     return;
   }
+  if (first === "--version" || first === "-v") {
+    process.stdout.write(`${PACKAGE_VERSION}
+`);
+    process.exit(0);
+  }
   const cli = parseArgs(process.argv);
   const logger = createLogger(cli.logLevel);
   if (cli.subcommand === "help") {
@@ -4279,6 +4506,7 @@ var init_multicorn_shield = __esm({
     init_logger();
     init_consent();
     init_restore();
+    init_package_meta();
     isDirectRun = process.argv[1] !== void 0 && (import.meta.url.endsWith(process.argv[1]) || import.meta.url === `file://${process.argv[1]}` || import.meta.url.endsWith("/multicorn-shield.js") || import.meta.url.endsWith("/multicorn-shield.ts"));
     if (isDirectRun && process.env["VITEST"] === void 0) {
       runCli().catch((error) => {

package/dist/multicorn-shield.js

@@ -432,6 +432,18 @@ function stripAnsi(str) {
 function normalizeAgentName(raw) {
   return raw.toLowerCase().replace(/\s+/g, "-").replace(/[^a-z0-9-]/g, "").replace(/-{2,}/g, "-").replace(/^-+|-+$/g, "").slice(0, 50);
 }
+var UPSTREAM_AUTH_KNOWN_SCHEME_WITH_PAYLOAD = /^(Bearer|Basic|Token|ApiKey)(\s+)(.+)$/is;
+function formatUpstreamAuthorizationBearerHeader(raw) {
+  const t = raw.trim();
+  if (t.length === 0) return void 0;
+  if (UPSTREAM_AUTH_KNOWN_SCHEME_WITH_PAYLOAD.test(t)) {
+    return t;
+  }
+  if (/^(Bearer|Basic|Token|ApiKey)$/i.test(t)) {
+    return void 0;
+  }
+  return `Bearer ${t}`;
+}
 function isErrnoException(e) {
   return typeof e === "object" && e !== null && "code" in e;
 }
@@ -1471,6 +1483,12 @@ async function promptWindsurfIntegrationMode(ask) {
   return choice === 1 ? "native" : "hosted";
 }
 async function arrowSelect(options, ask, fallbackLabel) {
+  if (options.length === 1) {
+    const only = options[0] ?? "";
+    process.stderr.write(`${style.violet("\u276F")} ${style.cyan(only)}
+`);
+    return 0;
+  }
   const canRaw = process.stdin.isTTY && typeof process.stdin.setRawMode === "function";
   if (!canRaw) {
     for (let i = 0; i < options.length; i++) {
@@ -1523,7 +1541,7 @@ async function arrowSelect(options, ask, fallbackLabel) {
         cleanup();
         clearLines();
         const chosen = options.at(idx);
-        if (chosen !== void 0) {
+        if (chosen !== void 0 && options.length > 1) {
           process.stderr.write(`${style.violet("\u276F")} ${style.cyan(chosen)}
 `);
         }
@@ -1605,12 +1623,12 @@ async function promptProxyConfig(ask, agentName) {
   let upstreamHeaders;
   if (wantsAuth) {
     process.stderr.write(
-      "\n" + style.bold("Enter the Authorization header value.") + "\n" + style.dim("  For Bearer tokens: Bearer ghp_xxxxxxxxxxxx") + "\n" + style.dim("  For API keys:      Bearer sk-xxxxxxxxxxxx") + "\n"
+      "\n" + style.bold("Enter your API token or full Authorization header value.") + "\n" + style.dim("  Bearer tokens: ghp_xxxxxxxxxxxx (Bearer is added automatically)") + "\n" + style.dim("  Other schemes:  Basic dXNlcjpwYXNz (passed as-is)") + "\n"
     );
     const headerVal = await ask("Value: ");
-    const trimmed = headerVal.trim();
-    if (trimmed.length > 0) {
-      upstreamHeaders = { Authorization: trimmed };
+    const authHeader = formatUpstreamAuthorizationBearerHeader(headerVal);
+    if (authHeader !== void 0) {
+      upstreamHeaders = { Authorization: authHeader };
     }
   }
   return {
@@ -2143,7 +2161,7 @@ function printPlatformSnippet(platform, routingToken, shortName, apiKey) {
   }
 }
 function agentDisplayNameDedupeKey(name) {
-  return name.trim().toLowerCase();
+  return name.trim().normalize("NFKC").toLowerCase();
 }
 function normalizeAgentEntryForMerge(a) {
   const name = a.name.trim();
@@ -2371,6 +2389,9 @@ You have ${String(agentsForPlatform.length)} agent(s) connected for ${selectedLa
         const victim = agentsForPlatform[replaceIdx];
         if (victim !== void 0) {
           removeAgentNameBeforeSave = victim.name;
+          process.stderr.write(
+            "\n" + style.dim("Replacing agent ") + style.cyan(victim.name) + style.dim("...") + "\n"
+          );
         }
       }
     }
@@ -2879,6 +2900,14 @@ You have ${String(agentsForPlatform.length)} agent(s) connected for ${selectedLa
   }
   rl.close();
   if (configuredAgents.length > 0) {
+    let mcpPromptLabel2 = function(platformSlug) {
+      const rows = configuredAgents.filter((a) => a.platform === platformSlug);
+      const last = rows[rows.length - 1];
+      if (last === void 0) return "shield-mcp";
+      const s = typeof last.shortName === "string" ? last.shortName.trim() : "";
+      if (s.length > 0) return s;
+      return last.agentName.trim().length > 0 ? last.agentName.trim() : "shield-mcp";
+    };
     process.stderr.write("\n" + style.bold(style.violet("Setup complete")) + "\n\n");
     for (const agent of configuredAgents) {
       const namePart = agent.agentName.length > 0 ? ` - ${style.cyan(agent.agentName)}` : "";
@@ -2902,13 +2931,15 @@ You have ${String(agentsForPlatform.length)} agent(s) connected for ${selectedLa
       );
     }
     if (configuredPlatforms.has("claude-desktop")) {
+      const cdLabel = mcpPromptLabel2("claude-desktop");
       blocks.push(
-        "\n" + style.bold("Claude Desktop") + "\n  \u2192 Restart Claude Desktop to pick up config changes\n  \u2192 Try it: make a request in Claude Desktop - Shield will intercept the first tool call and ask for your consent\n"
+        "\n" + style.bold("Claude Desktop") + '\n  \u2192 Restart Claude Desktop to load the updated configuration\n  \u2192 Confirm connection: click your profile (bottom-left) \u2192 Settings \u2192 Developer\n    Check that "' + cdLabel + '" shows a green "running" status\n  \u2192 Try it: paste this into Claude Desktop:\n    "Use the ' + cdLabel + ' MCP server to list my GitHub repositories"\n'
       );
     }
     if (configuredPlatforms.has("cursor")) {
+      const cursorLabel = mcpPromptLabel2("cursor");
       blocks.push(
-        "\n" + style.bold("Cursor") + "\n  \u2192 If needed, download Cursor from " + style.cyan("https://www.cursor.com/downloads") + "\n  \u2192 Restart Cursor so it loads the MCP server\n  \u2192 Try it: make a request in Cursor - Shield will intercept the first tool call and ask for your consent\n"
+        "\n" + style.bold("Cursor") + "\n  \u2192 If needed, download Cursor from " + style.cyan("https://www.cursor.com/downloads") + '\n  \u2192 Restart Cursor so it loads the MCP server\n  \u2192 Confirm connection: open Settings \u2192 Tools & MCPs\n    Check that "' + cursorLabel + '" shows a green status indicator\n  \u2192 Try it: paste this into Cursor:\n    "Use the ' + cursorLabel + ' MCP server to list my GitHub repositories"\n'
       );
     }
     if (configuredPlatforms.has("kilo-code")) {
@@ -3374,9 +3405,13 @@ function extractToolCallParams(request) {
   if (typeof args !== "object" || args === null) return null;
   return { name, arguments: args };
 }
-function buildBlockedResponse(id, service, permissionLevel, dashboardUrl) {
+function buildBlockedResponse(id, service, _permissionLevel, dashboardUrl) {
   const displayService = capitalize(service);
-  const message = `Action blocked by Multicorn Shield: agent does not have ${permissionLevel} access to ${displayService}. Configure permissions at ${dashboardUrl}`;
+  const message = `Action blocked by Shield
+
+This agent cannot use ${displayService}.
+
+Configure permissions: ${dashboardUrl}`;
   return {
     jsonrpc: "2.0",
     id,
@@ -3878,6 +3913,13 @@ async function restoreClaudeDesktopMcpFromBackup() {
   });
 }
 
+// package.json
+var package_default = {
+  version: "1.6.0"};
+
+// src/package-meta.ts
+var PACKAGE_VERSION = package_default.version;
+
 // bin/multicorn-shield.ts
 function parseArgs(argv) {
   const args = argv.slice(2);
@@ -4030,6 +4072,7 @@ function printHelp() {
       "      Shield's permission layer.",
       "",
       "Options:",
+      "  --version, -v        Print version and exit",
       "  --verbose, --debug   Print extra diagnostics during init (menu selection, agent counts)",
       "  --api-key <key>       Multicorn API key (overrides MULTICORN_API_KEY env var and config file)",
       "  --log-level <level>   Log level: debug | info | warn | error  (default: info)",
@@ -4054,6 +4097,11 @@ async function runCli() {
     );
     return;
   }
+  if (first === "--version" || first === "-v") {
+    process.stdout.write(`${PACKAGE_VERSION}
+`);
+    process.exit(0);
+  }
   const cli = parseArgs(process.argv);
   const logger = createLogger(cli.logLevel);
   if (cli.subcommand === "help") {

package/dist/proxy.cjs

@@ -30,9 +30,13 @@ function extractToolCallParams(request) {
   if (typeof args !== "object" || args === null) return null;
   return { name, arguments: args };
 }
-function buildBlockedResponse(id, service, permissionLevel, dashboardUrl) {
+function buildBlockedResponse(id, service, _permissionLevel, dashboardUrl) {
   const displayService = capitalize(service);
-  const message = `Action blocked by Multicorn Shield: agent does not have ${permissionLevel} access to ${displayService}. Configure permissions at ${dashboardUrl}`;
+  const message = `Action blocked by Shield
+
+This agent cannot use ${displayService}.
+
+Configure permissions: ${dashboardUrl}`;
   return {
     jsonrpc: "2.0",
     id,

package/dist/proxy.d.cts

@@ -31,7 +31,7 @@ interface ToolCallParams {
 }
 declare function parseJsonRpcLine(line: string): JsonRpcRequest | null;
 declare function extractToolCallParams(request: JsonRpcRequest): ToolCallParams | null;
-declare function buildBlockedResponse(id: string | number | null, service: string, permissionLevel: string, dashboardUrl: string): JsonRpcResponse;
+declare function buildBlockedResponse(id: string | number | null, service: string, _permissionLevel: string, dashboardUrl: string): JsonRpcResponse;
 declare function buildSpendingBlockedResponse(id: string | number | null, reason: string, dashboardUrl: string): JsonRpcResponse;
 /**
  * Internal error: Shield could not verify permissions due to an exception.

package/dist/proxy.d.ts

@@ -31,7 +31,7 @@ interface ToolCallParams {
 }
 declare function parseJsonRpcLine(line: string): JsonRpcRequest | null;
 declare function extractToolCallParams(request: JsonRpcRequest): ToolCallParams | null;
-declare function buildBlockedResponse(id: string | number | null, service: string, permissionLevel: string, dashboardUrl: string): JsonRpcResponse;
+declare function buildBlockedResponse(id: string | number | null, service: string, _permissionLevel: string, dashboardUrl: string): JsonRpcResponse;
 declare function buildSpendingBlockedResponse(id: string | number | null, reason: string, dashboardUrl: string): JsonRpcResponse;
 /**
  * Internal error: Shield could not verify permissions due to an exception.

package/dist/proxy.js

@@ -28,9 +28,13 @@ function extractToolCallParams(request) {
   if (typeof args !== "object" || args === null) return null;
   return { name, arguments: args };
 }
-function buildBlockedResponse(id, service, permissionLevel, dashboardUrl) {
+function buildBlockedResponse(id, service, _permissionLevel, dashboardUrl) {
   const displayService = capitalize(service);
-  const message = `Action blocked by Multicorn Shield: agent does not have ${permissionLevel} access to ${displayService}. Configure permissions at ${dashboardUrl}`;
+  const message = `Action blocked by Shield
+
+This agent cannot use ${displayService}.
+
+Configure permissions: ${dashboardUrl}`;
   return {
     jsonrpc: "2.0",
     id,

package/dist/shield-extension.js

@@ -3090,11 +3090,14 @@ var require_data = __commonJS({
   }
 });
 
-// node_modules/.pnpm/fast-uri@3.1.0/node_modules/fast-uri/lib/utils.js
+// node_modules/.pnpm/fast-uri@3.1.2/node_modules/fast-uri/lib/utils.js
 var require_utils = __commonJS({
-  "node_modules/.pnpm/fast-uri@3.1.0/node_modules/fast-uri/lib/utils.js"(exports$1, module) {
+  "node_modules/.pnpm/fast-uri@3.1.2/node_modules/fast-uri/lib/utils.js"(exports$1, module) {
     var isUUID = RegExp.prototype.test.bind(/^[\da-f]{8}-[\da-f]{4}-[\da-f]{4}-[\da-f]{4}-[\da-f]{12}$/iu);
     var isIPv4 = RegExp.prototype.test.bind(/^(?:(?:25[0-5]|2[0-4]\d|1\d{2}|[1-9]\d|\d)\.){3}(?:25[0-5]|2[0-4]\d|1\d{2}|[1-9]\d|\d)$/u);
+    var isHexPair = RegExp.prototype.test.bind(/^[\da-f]{2}$/iu);
+    var isUnreserved = RegExp.prototype.test.bind(/^[\da-z\-._~]$/iu);
+    var isPathCharacter = RegExp.prototype.test.bind(/^[\da-z\-._~!$&'()*+,;=:@/]$/iu);
     function stringArrayToHexStripped(input) {
       let acc = "";
       let code = 0;
@@ -3287,27 +3290,77 @@ var require_utils = __commonJS({
       }
       return output.join("");
     }
-    function normalizeComponentEncoding(component, esc2) {
-      const func = esc2 !== true ? escape : unescape;
-      if (component.scheme !== void 0) {
-        component.scheme = func(component.scheme);
-      }
-      if (component.userinfo !== void 0) {
-        component.userinfo = func(component.userinfo);
-      }
-      if (component.host !== void 0) {
-        component.host = func(component.host);
+    var HOST_DELIMS = { "@": "%40", "/": "%2F", "?": "%3F", "#": "%23", ":": "%3A" };
+    var HOST_DELIM_RE = /[@/?#:]/g;
+    var HOST_DELIM_NO_COLON_RE = /[@/?#]/g;
+    function reescapeHostDelimiters(host, isIP) {
+      const re = isIP ? HOST_DELIM_NO_COLON_RE : HOST_DELIM_RE;
+      re.lastIndex = 0;
+      return host.replace(re, (ch) => HOST_DELIMS[ch]);
+    }
+    function normalizePercentEncoding(input, decodeUnreserved = false) {
+      if (input.indexOf("%") === -1) {
+        return input;
       }
-      if (component.path !== void 0) {
-        component.path = func(component.path);
+      let output = "";
+      for (let i = 0; i < input.length; i++) {
+        if (input[i] === "%" && i + 2 < input.length) {
+          const hex3 = input.slice(i + 1, i + 3);
+          if (isHexPair(hex3)) {
+            const normalizedHex = hex3.toUpperCase();
+            const decoded = String.fromCharCode(parseInt(normalizedHex, 16));
+            if (decodeUnreserved && isUnreserved(decoded)) {
+              output += decoded;
+            } else {
+              output += "%" + normalizedHex;
+            }
+            i += 2;
+            continue;
+          }
+        }
+        output += input[i];
       }
-      if (component.query !== void 0) {
-        component.query = func(component.query);
+      return output;
+    }
+    function normalizePathEncoding(input) {
+      let output = "";
+      for (let i = 0; i < input.length; i++) {
+        if (input[i] === "%" && i + 2 < input.length) {
+          const hex3 = input.slice(i + 1, i + 3);
+          if (isHexPair(hex3)) {
+            const normalizedHex = hex3.toUpperCase();
+            const decoded = String.fromCharCode(parseInt(normalizedHex, 16));
+            if (decoded !== "." && isUnreserved(decoded)) {
+              output += decoded;
+            } else {
+              output += "%" + normalizedHex;
+            }
+            i += 2;
+            continue;
+          }
+        }
+        if (isPathCharacter(input[i])) {
+          output += input[i];
+        } else {
+          output += escape(input[i]);
+        }
       }
-      if (component.fragment !== void 0) {
-        component.fragment = func(component.fragment);
+      return output;
+    }
+    function escapePreservingEscapes(input) {
+      let output = "";
+      for (let i = 0; i < input.length; i++) {
+        if (input[i] === "%" && i + 2 < input.length) {
+          const hex3 = input.slice(i + 1, i + 3);
+          if (isHexPair(hex3)) {
+            output += "%" + hex3.toUpperCase();
+            i += 2;
+            continue;
+          }
+        }
+        output += escape(input[i]);
       }
-      return component;
+      return output;
     }
     function recomposeAuthority(component) {
       const uriTokens = [];
@@ -3322,7 +3375,7 @@ var require_utils = __commonJS({
           if (ipV6res.isIPV6 === true) {
             host = `[${ipV6res.escapedHost}]`;
           } else {
-            host = component.host;
+            host = reescapeHostDelimiters(host, false);
           }
         }
         uriTokens.push(host);
@@ -3336,7 +3389,10 @@ var require_utils = __commonJS({
     module.exports = {
       nonSimpleDomain,
       recomposeAuthority,
-      normalizeComponentEncoding,
+      reescapeHostDelimiters,
+      normalizePercentEncoding,
+      normalizePathEncoding,
+      escapePreservingEscapes,
       removeDotSegments,
       isIPv4,
       isUUID,
@@ -3346,9 +3402,9 @@ var require_utils = __commonJS({
   }
 });
 
-// node_modules/.pnpm/fast-uri@3.1.0/node_modules/fast-uri/lib/schemes.js
+// node_modules/.pnpm/fast-uri@3.1.2/node_modules/fast-uri/lib/schemes.js
 var require_schemes = __commonJS({
-  "node_modules/.pnpm/fast-uri@3.1.0/node_modules/fast-uri/lib/schemes.js"(exports$1, module) {
+  "node_modules/.pnpm/fast-uri@3.1.2/node_modules/fast-uri/lib/schemes.js"(exports$1, module) {
     var { isUUID } = require_utils();
     var URN_REG = /([\da-z][\d\-a-z]{0,31}):((?:[\w!$'()*+,\-.:;=@]|%[\da-f]{2})+)/iu;
     var supportedSchemeNames = (
@@ -3555,15 +3611,15 @@ var require_schemes = __commonJS({
   }
 });
 
-// node_modules/.pnpm/fast-uri@3.1.0/node_modules/fast-uri/index.js
+// node_modules/.pnpm/fast-uri@3.1.2/node_modules/fast-uri/index.js
 var require_fast_uri = __commonJS({
-  "node_modules/.pnpm/fast-uri@3.1.0/node_modules/fast-uri/index.js"(exports$1, module) {
-    var { normalizeIPv6, removeDotSegments, recomposeAuthority, normalizeComponentEncoding, isIPv4, nonSimpleDomain } = require_utils();
+  "node_modules/.pnpm/fast-uri@3.1.2/node_modules/fast-uri/index.js"(exports$1, module) {
+    var { normalizeIPv6, removeDotSegments, recomposeAuthority, normalizePercentEncoding, normalizePathEncoding, escapePreservingEscapes, reescapeHostDelimiters, isIPv4, nonSimpleDomain } = require_utils();
     var { SCHEMES, getSchemeHandler } = require_schemes();
     function normalize(uri, options) {
       if (typeof uri === "string") {
         uri = /** @type {T} */
-        serialize(parse3(uri, options), options);
+        normalizeString(uri, options);
       } else if (typeof uri === "object") {
         uri = /** @type {T} */
         parse3(serialize(uri, options), options);
@@ -3630,19 +3686,9 @@ var require_fast_uri = __commonJS({
       return target;
     }
     function equal(uriA, uriB, options) {
-      if (typeof uriA === "string") {
-        uriA = unescape(uriA);
-        uriA = serialize(normalizeComponentEncoding(parse3(uriA, options), true), { ...options, skipEscape: true });
-      } else if (typeof uriA === "object") {
-        uriA = serialize(normalizeComponentEncoding(uriA, true), { ...options, skipEscape: true });
-      }
-      if (typeof uriB === "string") {
-        uriB = unescape(uriB);
-        uriB = serialize(normalizeComponentEncoding(parse3(uriB, options), true), { ...options, skipEscape: true });
-      } else if (typeof uriB === "object") {
-        uriB = serialize(normalizeComponentEncoding(uriB, true), { ...options, skipEscape: true });
-      }
-      return uriA.toLowerCase() === uriB.toLowerCase();
+      const normalizedA = normalizeComparableURI(uriA, options);
+      const normalizedB = normalizeComparableURI(uriB, options);
+      return normalizedA !== void 0 && normalizedB !== void 0 && normalizedA.toLowerCase() === normalizedB.toLowerCase();
     }
     function serialize(cmpts, opts) {
       const component = {
@@ -3667,12 +3713,12 @@ var require_fast_uri = __commonJS({
       if (schemeHandler && schemeHandler.serialize) schemeHandler.serialize(component, options);
       if (component.path !== void 0) {
         if (!options.skipEscape) {
-          component.path = escape(component.path);
+          component.path = escapePreservingEscapes(component.path);
           if (component.scheme !== void 0) {
             component.path = component.path.split("%3A").join(":");
           }
         } else {
-          component.path = unescape(component.path);
+          component.path = normalizePercentEncoding(component.path);
         }
       }
       if (options.reference !== "suffix" && component.scheme) {
@@ -3707,7 +3753,16 @@ var require_fast_uri = __commonJS({
       return uriTokens.join("");
     }
     var URI_PARSE = /^(?:([^#/:?]+):)?(?:\/\/((?:([^#/?@]*)@)?(\[[^#/?\]]+\]|[^#/:?]*)(?::(\d*))?))?([^#?]*)(?:\?([^#]*))?(?:#((?:.|[\n\r])*))?/u;
-    function parse3(uri, opts) {
+    function getParseError(parsed, matches) {
+      if (matches[2] !== void 0 && parsed.path && parsed.path[0] !== "/") {
+        return 'URI path must start with "/" when authority is present.';
+      }
+      if (typeof parsed.port === "number" && (parsed.port < 0 || parsed.port > 65535)) {
+        return "URI port is malformed.";
+      }
+      return void 0;
+    }
+    function parseWithStatus(uri, opts) {
       const options = Object.assign({}, opts);
       const parsed = {
         scheme: void 0,
@@ -3718,6 +3773,7 @@ var require_fast_uri = __commonJS({
         query: void 0,
         fragment: void 0
       };
+      let malformedAuthorityOrPort = false;
       let isIP = false;
       if (options.reference === "suffix") {
         if (options.scheme) {
@@ -3738,6 +3794,11 @@ var require_fast_uri = __commonJS({
         if (isNaN(parsed.port)) {
           parsed.port = matches[5];
         }
+        const parseError = getParseError(parsed, matches);
+        if (parseError !== void 0) {
+          parsed.error = parsed.error || parseError;
+          malformedAuthorityOrPort = true;
+        }
         if (parsed.host) {
           const ipv4result = isIPv4(parsed.host);
           if (ipv4result === false) {
@@ -3776,14 +3837,18 @@ var require_fast_uri = __commonJS({
               parsed.scheme = unescape(parsed.scheme);
             }
             if (parsed.host !== void 0) {
-              parsed.host = unescape(parsed.host);
+              parsed.host = reescapeHostDelimiters(unescape(parsed.host), isIP);
             }
           }
           if (parsed.path) {
-            parsed.path = escape(unescape(parsed.path));
+            parsed.path = normalizePathEncoding(parsed.path);
           }
           if (parsed.fragment) {
-            parsed.fragment = encodeURI(decodeURIComponent(parsed.fragment));
+            try {
+              parsed.fragment = encodeURI(decodeURIComponent(parsed.fragment));
+            } catch {
+              parsed.error = parsed.error || "URI malformed";
+            }
           }
         }
         if (schemeHandler && schemeHandler.parse) {
@@ -3792,7 +3857,29 @@ var require_fast_uri = __commonJS({
       } else {
         parsed.error = parsed.error || "URI can not be parsed.";
       }
-      return parsed;
+      return { parsed, malformedAuthorityOrPort };
+    }
+    function parse3(uri, opts) {
+      return parseWithStatus(uri, opts).parsed;
+    }
+    function normalizeString(uri, opts) {
+      return normalizeStringWithStatus(uri, opts).normalized;
+    }
+    function normalizeStringWithStatus(uri, opts) {
+      const { parsed, malformedAuthorityOrPort } = parseWithStatus(uri, opts);
+      return {
+        normalized: malformedAuthorityOrPort ? uri : serialize(parsed, opts),
+        malformedAuthorityOrPort
+      };
+    }
+    function normalizeComparableURI(uri, opts) {
+      if (typeof uri === "string") {
+        const { normalized, malformedAuthorityOrPort } = normalizeStringWithStatus(uri, opts);
+        return malformedAuthorityOrPort ? void 0 : normalized;
+      }
+      if (typeof uri === "object") {
+        return serialize(uri, opts);
+      }
     }
     var fastUri = {
       SCHEMES,
@@ -22417,7 +22504,7 @@ async function writeExtensionBackup(claudeDesktopConfigPath, mcpServers) {
 
 // package.json
 var package_default = {
-  version: "1.4.0"};
+  version: "1.6.0"};
 
 // src/package-meta.ts
 var PACKAGE_VERSION = package_default.version;
@@ -22980,7 +23067,7 @@ function resultSuggestsConsentNeeded(result) {
     return false;
   }
   const t = first.text;
-  return t.includes("Action blocked by Multicorn Shield") || t.includes("does not have") && t.includes("access to") || t.includes("Configure permissions at");
+  return t.includes("Action blocked by Shield") || t.includes("Permission required") || t.includes("This agent cannot use") || t.includes("does not have") && t.includes("access to") || t.includes("Configure permissions:");
 }
 
 // src/types/index.ts
@@ -23203,9 +23290,13 @@ function sleep2(ms) {
 var BLOCKED_ERROR_CODE = -32e3;
 var INTERNAL_ERROR_CODE = -32002;
 var SERVICE_UNREACHABLE_ERROR_CODE = -32003;
-function buildBlockedResponse(id, service, permissionLevel, dashboardUrl) {
+function buildBlockedResponse(id, service, _permissionLevel, dashboardUrl) {
   const displayService = capitalize(service);
-  const message = `Action blocked by Multicorn Shield: agent does not have ${permissionLevel} access to ${displayService}. Configure permissions at ${dashboardUrl}`;
+  const message = `Action blocked by Shield
+
+This agent cannot use ${displayService}.
+
+Configure permissions: ${dashboardUrl}`;
   return {
     jsonrpc: "2.0",
     id,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "multicorn-shield",
-  "version": "1.4.0",
+  "version": "1.6.0",
   "description": "The control layer for AI agents: permissions, consent, spending limits, and audit logging.",
   "license": "MIT",
   "author": "Multicorn AI Pty Ltd",