multicorn-shield 1.7.0 → 1.9.0

package/CHANGELOG.md

@@ -9,6 +9,45 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - Bump `version` in `package.json` before publishing to npm.
 
+## [1.9.0] - 2026-05-12
+
+### Added
+
+- OpenAI Codex CLI as a supported platform (native hooks + hosted proxy)
+- Codex CLI hook scripts (PreToolUse, PostToolUse) for terminal command interception
+- Codex CLI agent resolution and tool name mapping
+- CLI wizard support for Codex CLI: native plugin install and hosted proxy TOML snippet
+- `plugins/codex-cli/README.md` documenting hook script build and test workflow
+
+### Fixed
+
+- Codex config.toml feature flag updated from deprecated `codex_hooks` to `hooks`
+- Config.toml migration: init now detects and replaces deprecated `codex_hooks` flag automatically
+- Hook scripts reject plaintext HTTP for non-localhost API calls
+- Config file permission warning when `~/.multicorn/config.json` is readable by other users
+- Destructive command detection uses word-boundary matching instead of substring includes
+- Unknown tool names default to restrictive `write` permission level instead of `execute`
+- Audit log payloads size-bounded and secret patterns redacted before transmission
+- Error messages sanitised: internal details hidden unless `MULTICORN_DEBUG` is set
+- Test-mode polling escape hatch removed from production hook scripts
+- Shared utility module extracted to eliminate duplication between hook scripts
+
+### Changed
+
+- Error message prefix shortened from `[multicorn-shield]` to `[Shield]`
+- "Audit trail" terminology replaced with "record the action" in user-facing messages
+
+## [1.8.0] - 2026-05-11
+
+### Added
+
+- OpenCode as a supported platform (native plugin + hosted proxy paths)
+- Native Shield plugin for OpenCode (`plugins/opencode/multicorn-shield.ts`) using `tool.execute.before`/`tool.execute.after` hooks for permission checks and audit logging
+- OpenCode in CLI init wizard with native plugin and hosted proxy integration modes
+- Tool name mapping for OpenCode built-in tools (`bash`, `read`, `write`, `edit`, `apply_patch`, `glob`, `grep`, `list`, `webfetch`, `websearch`)
+- Shell reload hint in CLI native plugin output for freshly installed tools
+- `'opencode'` to `AGENT_PLATFORM_SLUGS`
+
 ## [1.7.0] - 2026-05-11
 
 ### Fixed

package/dist/index.cjs

@@ -26,6 +26,8 @@ var AGENT_PLATFORM_SLUGS = [
   "github-copilot",
   "goose",
   "kilo-code",
+  "opencode",
+  "codex-cli",
   "other-mcp",
   "github-actions",
   "unknown"

package/dist/index.d.cts

@@ -12,7 +12,7 @@ import { LitElement, PropertyValues, HTMLTemplateResult } from 'lit';
 /**
  * Agent client platforms supported by hosted proxy and native hooks (aligned with API validation).
  */
-declare const AGENT_PLATFORM_SLUGS: readonly ["openclaw", "claude-code", "claude-desktop", "cursor", "windsurf", "cline", "gemini-cli", "continue-dev", "github-copilot", "goose", "kilo-code", "other-mcp", "github-actions", "unknown"];
+declare const AGENT_PLATFORM_SLUGS: readonly ["openclaw", "claude-code", "claude-desktop", "cursor", "windsurf", "cline", "gemini-cli", "continue-dev", "github-copilot", "goose", "kilo-code", "opencode", "codex-cli", "other-mcp", "github-actions", "unknown"];
 type AgentPlatformSlug = (typeof AGENT_PLATFORM_SLUGS)[number];
 /**
  * Possible operational states for an agent.

package/dist/index.d.ts

@@ -12,7 +12,7 @@ import { LitElement, PropertyValues, HTMLTemplateResult } from 'lit';
 /**
  * Agent client platforms supported by hosted proxy and native hooks (aligned with API validation).
  */
-declare const AGENT_PLATFORM_SLUGS: readonly ["openclaw", "claude-code", "claude-desktop", "cursor", "windsurf", "cline", "gemini-cli", "continue-dev", "github-copilot", "goose", "kilo-code", "other-mcp", "github-actions", "unknown"];
+declare const AGENT_PLATFORM_SLUGS: readonly ["openclaw", "claude-code", "claude-desktop", "cursor", "windsurf", "cline", "gemini-cli", "continue-dev", "github-copilot", "goose", "kilo-code", "opencode", "codex-cli", "other-mcp", "github-actions", "unknown"];
 type AgentPlatformSlug = (typeof AGENT_PLATFORM_SLUGS)[number];
 /**
  * Possible operational states for an agent.

package/dist/index.js

@@ -24,6 +24,8 @@ var AGENT_PLATFORM_SLUGS = [
   "github-copilot",
   "goose",
   "kilo-code",
+  "opencode",
+  "codex-cli",
   "other-mcp",
   "github-actions",
   "unknown"

package/dist/multicorn-proxy.js

@@ -925,6 +925,115 @@ require(${JSON.stringify(destPost)});
   await writeFile(preWrapper, preContent, { encoding: "utf8", mode: 493 });
   await writeFile(postWrapper, postContent, { encoding: "utf8", mode: 493 });
 }
+function getOpenCodeGlobalPluginsDir() {
+  return join(homedir(), ".config", "opencode", "plugins");
+}
+async function installOpenCodeNativePlugin() {
+  const root = multicornShieldPackageRoot();
+  const src = join(root, "plugins", "opencode", "multicorn-shield.ts");
+  if (!existsSync(src)) {
+    throw new Error(
+      `Could not find Shield OpenCode plugin at ${src}. If you use npm, install the latest multicorn-shield package.`
+    );
+  }
+  const destDir = getOpenCodeGlobalPluginsDir();
+  await mkdir(destDir, { recursive: true });
+  const dest = join(destDir, "multicorn-shield.ts");
+  await copyFile(src, dest);
+}
+function getCodexCliHooksInstallDir() {
+  return join(homedir(), ".multicorn", "codex-cli-hooks");
+}
+function getCodexConfigTomlPath() {
+  return join(homedir(), ".codex", "config.toml");
+}
+function getCodexHooksJsonPath() {
+  return join(homedir(), ".codex", "hooks.json");
+}
+async function installCodexCliNativeHooks() {
+  const root = multicornShieldPackageRoot();
+  const scriptsDir = join(root, "plugins", "codex-cli", "hooks", "scripts");
+  const preHook = join(scriptsDir, "pre-tool-use.cjs");
+  const postHook = join(scriptsDir, "post-tool-use.cjs");
+  const toolMap = join(scriptsDir, "codex-cli-tool-map.cjs");
+  const sharedHook = join(scriptsDir, "codex-cli-hooks-shared.cjs");
+  if (!existsSync(preHook) || !existsSync(postHook) || !existsSync(toolMap) || !existsSync(sharedHook)) {
+    throw new Error(
+      `Could not find Shield Codex CLI hook scripts at ${scriptsDir}. If you use npm, install the latest multicorn-shield package.`
+    );
+  }
+  const destDir = getCodexCliHooksInstallDir();
+  await mkdir(destDir, { recursive: true });
+  await copyFile(preHook, join(destDir, "pre-tool-use.cjs"));
+  await copyFile(postHook, join(destDir, "post-tool-use.cjs"));
+  await copyFile(toolMap, join(destDir, "codex-cli-tool-map.cjs"));
+  await copyFile(sharedHook, join(destDir, "codex-cli-hooks-shared.cjs"));
+  const configTomlPath = getCodexConfigTomlPath();
+  await mkdir(join(homedir(), ".codex"), { recursive: true });
+  let tomlContent = "";
+  try {
+    tomlContent = await readFile(configTomlPath, "utf8");
+  } catch (err) {
+    if (!isErrnoException(err) || err.code !== "ENOENT") {
+      throw err;
+    }
+  }
+  if (tomlContent.includes("codex_hooks")) {
+    tomlContent = tomlContent.replace(/codex_hooks/g, "hooks");
+    await writeFile(configTomlPath, tomlContent, "utf8");
+  }
+  if (!/\bhooks\s*=\s*true/.test(tomlContent)) {
+    tomlContent = tomlContent.includes("[features]") ? tomlContent.replace("[features]", "[features]\nhooks = true") : tomlContent.trimEnd() + (tomlContent.length > 0 ? "\n\n" : "") + "[features]\nhooks = true\n";
+    await writeFile(configTomlPath, tomlContent, "utf8");
+  }
+  const hooksConfig = {
+    hooks: {
+      PreToolUse: [
+        {
+          matcher: "",
+          hooks: [
+            {
+              type: "command",
+              command: `node ${join(destDir, "pre-tool-use.cjs")}`,
+              statusMessage: "Checking Shield permissions"
+            }
+          ]
+        }
+      ],
+      PostToolUse: [
+        {
+          matcher: "",
+          hooks: [
+            {
+              type: "command",
+              command: `node ${join(destDir, "post-tool-use.cjs")}`,
+              timeout: 30,
+              statusMessage: "Logging to Shield"
+            }
+          ]
+        }
+      ]
+    }
+  };
+  await writeFile(getCodexHooksJsonPath(), JSON.stringify(hooksConfig, null, 2) + "\n", "utf8");
+}
+async function promptCodexCliIntegrationMode(ask) {
+  process.stderr.write("\n" + style.bold("Codex CLI integration") + "\n");
+  process.stderr.write(
+    "  " + style.violet("1") + ". Native plugin - Shield checks terminal (Bash) commands via Codex Hooks\n"
+  );
+  process.stderr.write(
+    "  " + style.violet("2") + ". Hosted proxy - govern MCP server traffic via config.toml\n"
+  );
+  let choice = 0;
+  while (choice === 0) {
+    const input = await ask("Choose integration (1-2): ");
+    const num = parseInt(input.trim(), 10);
+    if (num === 1) choice = 1;
+    if (num === 2) choice = 2;
+  }
+  return choice === 1 ? "native" : "hosted";
+}
 async function promptClineIntegrationMode(ask) {
   process.stderr.write("\n" + style.bold("Cline integration") + "\n");
   process.stderr.write(
@@ -1284,6 +1393,23 @@ async function promptGeminiCliIntegrationMode(ask) {
   }
   return choice === 1 ? "native" : "hosted";
 }
+async function promptOpencodeIntegrationMode(ask) {
+  process.stderr.write("\n" + style.bold("OpenCode integration") + "\n");
+  process.stderr.write(
+    "  " + style.violet("1") + ". Native plugin (recommended) - Shield checks primary-agent tool execution via OpenCode Hooks\n"
+  );
+  process.stderr.write(
+    "  " + style.violet("2") + ". Hosted proxy - govern MCP server traffic via opencode.json (full subagent coverage when tools use MCP through Shield)\n"
+  );
+  let choice = 0;
+  while (choice === 0) {
+    const input = await ask("Choose integration (1-2): ");
+    const num = parseInt(input.trim(), 10);
+    if (num === 1) choice = 1;
+    if (num === 2) choice = 2;
+  }
+  return choice === 1 ? "native" : "hosted";
+}
 function getClaudeDesktopConfigPath() {
   switch (process.platform) {
     case "win32":
@@ -1828,6 +1954,49 @@ async function mergeKiloCodeProjectMcp(workspacePath, shortName, proxyUrl, apiKe
   }
   return "ok";
 }
+async function injectOpencodeSchemaIntoConfigIfMissing(filePath) {
+  try {
+    const raw = await readFile(filePath, "utf8");
+    const stripped = raw.replace(/\/\/.*$/gm, "").replace(/\/\*[\s\S]*?\*\//g, "");
+    let parsed;
+    try {
+      parsed = JSON.parse(stripped);
+    } catch {
+      return;
+    }
+    if (parsed === null || typeof parsed !== "object" || Array.isArray(parsed)) return;
+    const root = parsed;
+    const existingSchema = root["$schema"];
+    if (typeof existingSchema === "string" && existingSchema.length > 0) return;
+    root["$schema"] = OPENCODE_CONFIG_SCHEMA_URL;
+    await writeFile(filePath, JSON.stringify(root, null, 2) + "\n", SECRET_JSON_FILE_OPTIONS);
+  } catch {
+  }
+}
+async function mergeOpenCodeProjectMcp(workspacePath, shortName, proxyUrl, apiKey) {
+  const filePath = join(workspacePath, "opencode.json");
+  const result = await mergeTopLevelKeyedJsonFile(
+    filePath,
+    "mcp",
+    shortName,
+    {
+      type: "remote",
+      url: proxyUrl,
+      headers: { Authorization: `Bearer ${apiKey}` },
+      enabled: true
+    },
+    {
+      stripJsonComments: true,
+      onExisting: "skip"
+    }
+  );
+  if (result === "parse-error") return "parse-error";
+  await injectOpencodeSchemaIntoConfigIfMissing(filePath);
+  if (result === "ok") {
+    await warnIfApiKeyFileNotGitignored(workspacePath, "opencode.json");
+  }
+  return "ok";
+}
 function printHostedProxyJsonParseWarning(filePath) {
   process.stderr.write(
     style.yellow("\u26A0") + " Could not parse JSON at " + style.cyan(filePath) + style.dim(" - showing paste snippet instead.") + "\n"
@@ -1870,6 +2039,13 @@ function printHostedProxyPostWriteHints(platform, shortName) {
       style.dim("Restart Kilo Code or reload the window so it picks up .kilo/kilo.jsonc.") + "\n"
     );
   }
+  if (platform === "opencode") {
+    process.stderr.write(
+      style.dim(
+        "Restart OpenCode or start a new session so it picks up opencode.json. For global MCP, merge the same snippet into ~/.config/opencode/opencode.json."
+      ) + "\n"
+    );
+  }
 }
 async function applyHostedProxyMcpConfig(platform, proxyUrl, shortName, apiKey, workspacePath) {
   const authHeader = `Bearer ${apiKey}`;
@@ -1966,6 +2142,19 @@ async function applyHostedProxyMcpConfig(platform, proxyUrl, shortName, apiKey,
       if (result === "parse-error") {
         printHostedProxyJsonParseWarning(join(workspacePath, ".kilo", "kilo.jsonc"));
       }
+    } else if (platform === "opencode") {
+      result = await mergeOpenCodeProjectMcp(
+        workspacePath,
+        shortName,
+        proxyUrlWithKeyWhenNeeded,
+        apiKey
+      );
+      if (result === "parse-error") {
+        printHostedProxyJsonParseWarning(join(workspacePath, "opencode.json"));
+      }
+    } else if (platform === "codex-cli") {
+      printPlatformSnippet(platform, proxyUrl, shortName, apiKey);
+      return;
     } else if (platform === "continue-dev") {
       result = await mergeContinueHostedMcp(
         workspacePath,
@@ -2100,7 +2289,9 @@ function printPlatformSnippet(platform, routingToken, shortName, apiKey) {
     "kilo-code",
     "github-copilot",
     "continue-dev",
-    "goose"
+    "goose",
+    "opencode",
+    "codex-cli"
   ]);
   const usesInlineKey = hostedInlinePlatforms.has(platform);
   const authHeader = usesInlineKey ? `Bearer ${apiKey}` : "Bearer YOUR_SHIELD_API_KEY";
@@ -2183,6 +2374,29 @@ mcpServers:
       null,
       2
     );
+  } else if (platform === "opencode") {
+    snippetText = JSON.stringify(
+      {
+        $schema: OPENCODE_CONFIG_SCHEMA_URL,
+        mcp: {
+          [shortName]: {
+            type: "remote",
+            url: urlInSnippet,
+            headers: {
+              Authorization: authHeader
+            },
+            enabled: true
+          }
+        }
+      },
+      null,
+      2
+    );
+  } else if (platform === "codex-cli") {
+    snippetText = `[mcp_servers.${shortName}]
+url = "${urlInSnippet}"
+bearer_token_env_var = "MULTICORN_API_KEY"
+`;
   } else {
     const urlKey = platform === "windsurf" ? "serverUrl" : "url";
     snippetText = JSON.stringify(
@@ -2220,6 +2434,18 @@ mcpServers:
     process.stderr.write(
       "\n" + style.dim(`Add this to ${join(resolve(process.cwd()), ".kilo", "kilo.jsonc")}:`) + "\n\n"
     );
+  } else if (platform === "opencode") {
+    process.stderr.write(
+      "\n" + style.dim(
+        "Add this to opencode.json in your project root (or ~/.config/opencode/opencode.json for global config). OpenCode detects configured MCP servers on the next session start."
+      ) + "\n\n"
+    );
+  } else if (platform === "codex-cli") {
+    process.stderr.write(
+      "\n" + style.dim(
+        "Add this to ~/.codex/config.toml (create the file if it does not exist). Set the MULTICORN_API_KEY environment variable to your Shield API key. Restart Codex CLI after saving."
+      ) + "\n\n"
+    );
   } else if (platform === "github-copilot") {
     process.stderr.write(
       "\n" + style.dim(
@@ -2283,6 +2509,11 @@ mcpServers:
   if (platform === "goose") {
     process.stderr.write(style.dim("Start a new Goose session after updating config.") + "\n");
   }
+  if (platform === "opencode") {
+    process.stderr.write(
+      style.dim("Restart OpenCode or start a new session after saving opencode.json.") + "\n"
+    );
+  }
 }
 function agentDisplayNameDedupeKey(name) {
   return name.trim().normalize("NFKC").toLowerCase();
@@ -2842,6 +3073,189 @@ You have ${String(agentsForPlatform.length)} agent(s) connected for ${selectedLa
           setupSucceeded = true;
         }
       }
+    } else if (selectedPlatform === "opencode") {
+      const opencodeMode = await promptOpencodeIntegrationMode(ask);
+      if (opencodeMode === "native") {
+        try {
+          await installOpenCodeNativePlugin();
+          process.stderr.write("\n" + style.bold("Shield OpenCode plugin installed") + "\n\n");
+          process.stderr.write(
+            style.dim("Plugin file: ") + style.cyan(getOpenCodeGlobalPluginsDir()) + "\n"
+          );
+          process.stderr.write("\n");
+          process.stderr.write(
+            style.dim(
+              "Shield plugin saved under ~/.config/opencode/plugins/. Restart OpenCode. Every tool call from the primary agent will be checked by Shield."
+            ) + "\n"
+          );
+          process.stderr.write("\n");
+          process.stderr.write(
+            style.dim(
+              "Note: Tool calls delegated to subagents via the task tool are not intercepted by this plugin (OpenCode limitation). Use the hosted proxy path for MCP traffic you route through Shield for broader coverage."
+            ) + "\n"
+          );
+          configuredAgents.push({
+            selection,
+            platform: selectedPlatform,
+            platformLabel: selectedLabel,
+            agentName,
+            opencodeCliIntegration: "native"
+          });
+          setupSucceeded = true;
+        } catch (error) {
+          const detail = error instanceof Error ? error.message : String(error);
+          process.stderr.write(style.red("\u2717 ") + detail + "\n");
+        }
+      } else {
+        const { targetUrl, shortName, upstreamHeaders } = await promptProxyConfig(ask, agentName);
+        let proxyUrl = "";
+        let created = false;
+        while (!created) {
+          const spinner = withSpinner("Creating proxy config...");
+          try {
+            proxyUrl = await createProxyConfig(
+              resolvedBaseUrl,
+              apiKey,
+              agentName,
+              targetUrl,
+              shortName,
+              selectedPlatform,
+              upstreamHeaders
+            );
+            spinner.stop(true, "Proxy config created!");
+            created = true;
+          } catch (error) {
+            const detail = error instanceof Error ? error.message : String(error);
+            spinner.stop(false, detail);
+            const retry = await ask("Try again? (Y/n) ");
+            if (retry.trim().toLowerCase() === "n") {
+              break;
+            }
+          }
+        }
+        if (created && proxyUrl.length > 0) {
+          process.stderr.write("\n" + style.bold("Your Shield proxy URL:") + "\n");
+          process.stderr.write(
+            "  " + style.cyan(formatHostedProxyUrlForStderr(selectedPlatform, proxyUrl, apiKey)) + "\n"
+          );
+          await applyHostedProxyMcpConfig(
+            selectedPlatform,
+            proxyUrl,
+            shortName,
+            apiKey,
+            initWorkspacePath
+          );
+          process.stderr.write(
+            "\n" + style.dim(
+              "Add this to opencode.json in your project root (or ~/.config/opencode/opencode.json for global config). OpenCode detects configured MCP servers on the next session start."
+            ) + "\n"
+          );
+          configuredAgents.push({
+            selection,
+            platform: selectedPlatform,
+            platformLabel: selectedLabel,
+            agentName,
+            shortName,
+            proxyUrl,
+            opencodeCliIntegration: "hosted"
+          });
+          setupSucceeded = true;
+        }
+      }
+    } else if (selectedPlatform === "codex-cli") {
+      const codexMode = await promptCodexCliIntegrationMode(ask);
+      if (codexMode === "native") {
+        try {
+          await installCodexCliNativeHooks();
+          process.stderr.write("\n" + style.bold("Shield Codex CLI hooks installed") + "\n\n");
+          process.stderr.write(
+            style.dim("Hook scripts: ") + style.cyan(getCodexCliHooksInstallDir()) + "\n"
+          );
+          process.stderr.write(
+            style.dim("Hooks config: ") + style.cyan(getCodexHooksJsonPath()) + "\n"
+          );
+          process.stderr.write(
+            style.dim("Feature flag: ") + style.cyan(getCodexConfigTomlPath()) + "\n"
+          );
+          process.stderr.write("\n");
+          process.stderr.write(
+            style.dim(
+              "Codex hooks currently intercept terminal (Bash) commands only. File edits and MCP tool calls are not yet covered by hooks."
+            ) + "\n\n"
+          );
+          process.stderr.write(
+            style.dim(
+              "Start Codex CLI, then type /hooks to review the Shield hooks. Press 't' to trust each one before they can run."
+            ) + "\n"
+          );
+          configuredAgents.push({
+            selection,
+            platform: selectedPlatform,
+            platformLabel: selectedLabel,
+            agentName,
+            codexCliIntegration: "native"
+          });
+          setupSucceeded = true;
+        } catch (error) {
+          const detail = error instanceof Error ? error.message : String(error);
+          process.stderr.write(style.red("\u2717 ") + detail + "\n");
+        }
+      } else {
+        const { targetUrl, shortName, upstreamHeaders } = await promptProxyConfig(ask, agentName);
+        let proxyUrl = "";
+        let created = false;
+        while (!created) {
+          const spinner = withSpinner("Creating proxy config...");
+          try {
+            proxyUrl = await createProxyConfig(
+              resolvedBaseUrl,
+              apiKey,
+              agentName,
+              targetUrl,
+              shortName,
+              selectedPlatform,
+              upstreamHeaders
+            );
+            spinner.stop(true, "Proxy config created!");
+            created = true;
+          } catch (error) {
+            const detail = error instanceof Error ? error.message : String(error);
+            spinner.stop(false, detail);
+            const retry = await ask("Try again? (Y/n) ");
+            if (retry.trim().toLowerCase() === "n") {
+              break;
+            }
+          }
+        }
+        if (created && proxyUrl.length > 0) {
+          process.stderr.write("\n" + style.bold("Your Shield proxy URL:") + "\n");
+          process.stderr.write(
+            "  " + style.cyan(formatHostedProxyUrlForStderr(selectedPlatform, proxyUrl, apiKey)) + "\n"
+          );
+          await applyHostedProxyMcpConfig(
+            selectedPlatform,
+            proxyUrl,
+            shortName,
+            apiKey,
+            initWorkspacePath
+          );
+          process.stderr.write(
+            "\n" + style.dim(
+              "Add the TOML snippet above to ~/.codex/config.toml. Set the MULTICORN_API_KEY environment variable to your Shield API key. Restart Codex CLI after saving."
+            ) + "\n"
+          );
+          configuredAgents.push({
+            selection,
+            platform: selectedPlatform,
+            platformLabel: selectedLabel,
+            agentName,
+            shortName,
+            proxyUrl,
+            codexCliIntegration: "hosted"
+          });
+          setupSucceeded = true;
+        }
+      }
     } else if (selectedPlatform === "cline") {
       const clineMode = await promptClineIntegrationMode(ask);
       if (clineMode === "native") {
@@ -3137,6 +3551,39 @@ You have ${String(agentsForPlatform.length)} agent(s) connected for ${selectedLa
         "\n" + style.bold("Gemini CLI (hosted)") + "\n  \u2192 Try it: make a request in Gemini CLI - Shield will intercept the first tool call and ask for your consent\n"
       );
     }
+    const opencodeNativeConfigured = configuredAgents.some(
+      (a) => a.platform === "opencode" && a.opencodeCliIntegration === "native"
+    );
+    const opencodeHostedConfigured = configuredAgents.some(
+      (a) => a.platform === "opencode" && a.opencodeCliIntegration === "hosted"
+    );
+    if (opencodeNativeConfigured) {
+      blocks.push(
+        "\n" + style.bold("OpenCode (native)") + "\n  \u2192 If you just installed OpenCode, open a new terminal tab (or run: source ~/.zshrc)\n  \u2192 Restart OpenCode so it loads ~/.config/opencode/plugins/multicorn-shield.ts\n  \u2192 Try it: trigger a primary-agent tool call - Shield will intercept the first actionable tool and ask for your consent\n"
+      );
+    }
+    if (opencodeHostedConfigured) {
+      const ocLabel = mcpPromptLabel2("opencode");
+      blocks.push(
+        "\n" + style.bold("OpenCode (hosted)") + '\n  \u2192 Restart OpenCode or start a new session after saving opencode.json\n  \u2192 Try it: paste this into OpenCode:\n    "Use the ' + ocLabel + ' MCP server to list allowed directories"\n'
+      );
+    }
+    const codexNativeConfigured = configuredAgents.some(
+      (a) => a.platform === "codex-cli" && a.codexCliIntegration === "native"
+    );
+    const codexHostedConfigured = configuredAgents.some(
+      (a) => a.platform === "codex-cli" && a.codexCliIntegration === "hosted"
+    );
+    if (codexNativeConfigured) {
+      blocks.push(
+        "\n" + style.bold("Codex CLI (native)") + "\n  \u2192 Start Codex CLI (run 'codex' in your terminal)\n  \u2192 Type /hooks to review the Shield hooks - press 't' to trust each one\n  \u2192 Once both hooks are trusted, try a Bash command - Shield will intercept and check permissions\n  \u2192 Note: hooks currently cover terminal (Bash) commands only\n"
+      );
+    }
+    if (codexHostedConfigured) {
+      blocks.push(
+        "\n" + style.bold("Codex CLI (hosted)") + "\n  \u2192 Set the MULTICORN_API_KEY environment variable to your Shield API key\n  \u2192 Restart Codex CLI after saving config.toml\n  \u2192 Try it: make a request that uses an MCP tool through Shield\n"
+      );
+    }
     if (configuredPlatforms.has("other-mcp")) {
       blocks.push(
         "\n" + style.bold("Local MCP / Other") + "\n  \u2192 Run your configured wrap command (for example " + style.cyan("npx multicorn-shield --wrap ...") + ")\n  \u2192 Try it: make a request in your coding agent - Shield will intercept the first tool call and ask for your consent\n"
@@ -3156,7 +3603,7 @@ You have ${String(agentsForPlatform.length)} agent(s) connected for ${selectedLa
   }
   return lastConfig;
 }
-var SECRET_JSON_FILE_OPTIONS, style, BANNER, NativePluginPrerequisiteMissingError, CONFIG_DIR, CONFIG_PATH, OPENCLAW_CONFIG_PATH, ANSI_PATTERN, UPSTREAM_AUTH_KNOWN_SCHEME_WITH_PAYLOAD, OPENCLAW_MIN_VERSION, INIT_WIZARD_PLATFORM_REGISTRY, INIT_WIZARD_MENU_SECTIONS, INIT_WIZARD_SELECTION_MAX, PLATFORM_BY_SELECTION, HOSTED_PROXY_PLATFORMS_WITH_URL_KEY, DEFAULT_SHIELD_API_BASE_URL;
+var SECRET_JSON_FILE_OPTIONS, style, BANNER, NativePluginPrerequisiteMissingError, CONFIG_DIR, CONFIG_PATH, OPENCLAW_CONFIG_PATH, ANSI_PATTERN, UPSTREAM_AUTH_KNOWN_SCHEME_WITH_PAYLOAD, OPENCLAW_MIN_VERSION, INIT_WIZARD_PLATFORM_REGISTRY, INIT_WIZARD_MENU_SECTIONS, INIT_WIZARD_SELECTION_MAX, PLATFORM_BY_SELECTION, HOSTED_PROXY_PLATFORMS_WITH_URL_KEY, OPENCODE_CONFIG_SCHEMA_URL, DEFAULT_SHIELD_API_BASE_URL;
 var init_config = __esm({
   "src/proxy/config.ts"() {
     init_consent();
@@ -3196,6 +3643,18 @@ var init_config = __esm({
       { slug: "windsurf", displayName: "Windsurf", section: "native" },
       { slug: "cline", displayName: "Cline", section: "native" },
       { slug: "gemini-cli", displayName: "Gemini CLI", section: "native" },
+      {
+        slug: "opencode",
+        displayName: "OpenCode",
+        section: "native",
+        prereqUrl: "https://opencode.ai"
+      },
+      {
+        slug: "codex-cli",
+        displayName: "Codex CLI",
+        section: "native",
+        prereqUrl: "https://github.com/openai/codex"
+      },
       {
         slug: "cursor",
         displayName: "Cursor",
@@ -3256,6 +3715,7 @@ var init_config = __esm({
       "continue-dev",
       "goose"
     ]);
+    OPENCODE_CONFIG_SCHEMA_URL = "https://opencode.ai/config.json";
     DEFAULT_SHIELD_API_BASE_URL = "https://api.multicorn.ai";
   }
 });
@@ -4200,7 +4660,7 @@ var init_package = __esm({
   "package.json"() {
     package_default = {
       name: "multicorn-shield",
-      version: "1.7.0",
+      version: "1.9.0",
       description: "The control layer for AI agents: permissions, consent, spending limits, and audit logging.",
       license: "MIT",
       author: "Multicorn AI Pty Ltd",
@@ -4240,6 +4700,7 @@ var init_package = __esm({
         "plugins/windsurf",
         "plugins/cline",
         "plugins/gemini-cli",
+        "plugins/opencode",
         "LICENSE",
         "README.md",
         "CHANGELOG.md"
@@ -4298,6 +4759,7 @@ var init_package = __esm({
         "@anthropic-ai/mcpb": "^2.1.2",
         "@eslint/js": "^9.19.0",
         "@open-wc/testing-helpers": "^3.0.1",
+        "@opencode-ai/plugin": "^1.14.48",
         "@size-limit/file": "^11.1.6",
         "@types/node": "^22.0.0",
         "@vitest/coverage-v8": "^3.0.5",