multicorn-shield 1.9.2 → 1.9.4

package/CHANGELOG.md

@@ -9,11 +9,32 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - Bump `version` in `package.json` before publishing to npm.
 
+## [1.9.4] - 2026-05-13
+
+### Fixed
+
+- Double "Bearer" prefix in Codex CLI hosted proxy TOML snippet (was outputting `Bearer Bearer mcs_...`)
+- Codex CLI hosted proxy now auto-writes MCP server config to `~/.codex/config.toml` instead of asking users to paste manually
+- PreToolUse hook now prints the consent/approval URL to stderr so users know where to approve
+
+### Changed
+
+- Codex CLI hosted proxy next-steps updated: "Restart Codex CLI to load the new MCP server config"
+- Added copy-pasteable "Try it out" prompt to Codex CLI hosted proxy next-steps
+
+## [1.9.3] - 2026-05-13
+
+### Fixed
+
+- Codex CLI hosted proxy snippet uses `http_headers` with inline API key instead of `bearer_token_env_var` (no env var setup needed)
+- Removed "Set MULTICORN_API_KEY environment variable" instruction from hosted proxy next-steps
+- Added `/mcp` verification step to Codex CLI hosted proxy next-steps
+
 ## [1.9.2] - 2026-05-12
 
 ### Fixed
 
-- Codex CLI hosted proxy next-steps now includes /mcp verification step
+- Include `plugins/codex-cli` in published npm package (missing from `files` in package.json)
 
 ## [1.9.1] - 2026-05-12
 

package/dist/multicorn-proxy.js

@@ -947,6 +947,68 @@ function getCodexCliHooksInstallDir() {
 function getCodexConfigTomlPath() {
   return join(homedir(), ".codex", "config.toml");
 }
+function escapeTomlDoubleQuotedScalar(value) {
+  return value.replace(/\\/g, "\\\\").replace(/"/g, '\\"');
+}
+function stripCodexMcpServerTomlBlocks(content, serverKey) {
+  const lines = content.split(/\r?\n/);
+  const mainHeader = `[mcp_servers.${serverKey}]`;
+  const headersHeader = `[mcp_servers.${serverKey}.http_headers]`;
+  const out = [];
+  let state = "idle";
+  for (const line of lines) {
+    const t = line.trim();
+    if (state === "idle") {
+      if (t === mainHeader || t === headersHeader) {
+        state = t === headersHeader ? "skip_headers" : "skip_main";
+        continue;
+      }
+      out.push(line);
+    } else if (state === "skip_main") {
+      if (t.startsWith("[") && t.endsWith("]")) {
+        if (t === headersHeader) {
+          state = "skip_headers";
+        } else {
+          state = "idle";
+          out.push(line);
+        }
+      }
+    } else {
+      if (t.startsWith("[") && t.endsWith("]")) {
+        state = "idle";
+        out.push(line);
+      }
+    }
+  }
+  return out.join("\n").trimEnd();
+}
+async function mergeCodexHostedMcpIntoToml(shortName, proxyUrl, apiKey) {
+  const configPath = getCodexConfigTomlPath();
+  let existing = "";
+  try {
+    existing = await readFile(configPath, "utf8");
+  } catch (err) {
+    if (!(isErrnoException(err) && err.code === "ENOENT")) {
+      const detail = err instanceof Error ? err.message : String(err);
+      throw new Error(`Could not read Codex CLI config at ${configPath}: ${detail}`);
+    }
+  }
+  const stripped = stripCodexMcpServerTomlBlocks(existing, shortName);
+  const urlEsc = escapeTomlDoubleQuotedScalar(proxyUrl);
+  const tokenEsc = escapeTomlDoubleQuotedScalar(apiKey);
+  const block = `[mcp_servers.${shortName}]
+url = "${urlEsc}"
+
+[mcp_servers.${shortName}.http_headers]
+Authorization = "Bearer ${tokenEsc}"
+`;
+  const trimmedBase = stripped.trimEnd();
+  const full = (trimmedBase.length > 0 ? `${trimmedBase}
+
+` : "") + block;
+  await mkdir(dirname(configPath), { recursive: true });
+  await writeFile(configPath, full, SECRET_JSON_FILE_OPTIONS);
+}
 function getCodexHooksJsonPath() {
   return join(homedir(), ".codex", "hooks.json");
 }
@@ -2153,7 +2215,20 @@ async function applyHostedProxyMcpConfig(platform, proxyUrl, shortName, apiKey,
         printHostedProxyJsonParseWarning(join(workspacePath, "opencode.json"));
       }
     } else if (platform === "codex-cli") {
-      printPlatformSnippet(platform, proxyUrl, shortName, apiKey);
+      let codexTomlWritten = false;
+      try {
+        await mergeCodexHostedMcpIntoToml(shortName, proxyUrlWithKeyWhenNeeded, apiKey);
+        codexTomlWritten = true;
+        process.stderr.write(
+          style.green("\u2713 ") + "MCP server config written to " + style.cyan(getCodexConfigTomlPath()) + "\n"
+        );
+      } catch (err) {
+        process.stderr.write(
+          `${style.yellow("!")} Could not auto-write config: ${err instanceof Error ? err.message : String(err)}
+`
+        );
+      }
+      printPlatformSnippet(platform, proxyUrl, shortName, apiKey, codexTomlWritten);
       return;
     } else if (platform === "continue-dev") {
       result = await mergeContinueHostedMcp(
@@ -2279,7 +2354,7 @@ async function mergeGooseConfig(shortName, proxyUrl, apiKey) {
   writeMcpAddedLine(shortName, filePath);
   return "ok";
 }
-function printPlatformSnippet(platform, routingToken, shortName, apiKey) {
+function printPlatformSnippet(platform, routingToken, shortName, apiKey, codexCliTomlWritten) {
   const hostedInlinePlatforms = /* @__PURE__ */ new Set([
     "cursor",
     "claude-desktop",
@@ -2393,9 +2468,12 @@ mcpServers:
       2
     );
   } else if (platform === "codex-cli") {
+    const bearerToken = authHeader.startsWith("Bearer ") ? authHeader.slice("Bearer ".length) : authHeader;
     snippetText = `[mcp_servers.${shortName}]
 url = "${urlInSnippet}"
-bearer_token_env_var = "MULTICORN_API_KEY"
+
+[mcp_servers.${shortName}.http_headers]
+Authorization = "Bearer ${bearerToken}"
 `;
   } else {
     const urlKey = platform === "windsurf" ? "serverUrl" : "url";
@@ -2441,11 +2519,15 @@ bearer_token_env_var = "MULTICORN_API_KEY"
       ) + "\n\n"
     );
   } else if (platform === "codex-cli") {
-    process.stderr.write(
-      "\n" + style.dim(
-        "Add this to ~/.codex/config.toml (create the file if it does not exist). Set the MULTICORN_API_KEY environment variable to your Shield API key. Restart Codex CLI after saving."
-      ) + "\n\n"
-    );
+    if (codexCliTomlWritten === true) {
+      process.stderr.write("\n" + style.dim("Added to ~/.codex/config.toml:") + "\n\n");
+    } else {
+      process.stderr.write(
+        "\n" + style.dim(
+          "Add this to ~/.codex/config.toml (create the file if it does not exist). Restart Codex CLI after saving."
+        ) + "\n\n"
+      );
+    }
   } else if (platform === "github-copilot") {
     process.stderr.write(
       "\n" + style.dim(
@@ -3239,11 +3321,6 @@ You have ${String(agentsForPlatform.length)} agent(s) connected for ${selectedLa
             apiKey,
             initWorkspacePath
           );
-          process.stderr.write(
-            "\n" + style.dim(
-              "Add the TOML snippet above to ~/.codex/config.toml. Then set the environment variable:"
-            ) + "\n\n  " + style.cyan(`export MULTICORN_API_KEY="${apiKey}"`) + "\n\n" + style.dim("Restart Codex CLI after saving config.toml.") + "\n"
-          );
           configuredAgents.push({
             selection,
             platform: selectedPlatform,
@@ -3580,8 +3657,9 @@ You have ${String(agentsForPlatform.length)} agent(s) connected for ${selectedLa
       );
     }
     if (codexHostedConfigured) {
+      const codexLabel = mcpPromptLabel2("codex-cli");
       blocks.push(
-        "\n" + style.bold("Codex CLI (hosted)") + "\n  \u2192 Set the MULTICORN_API_KEY environment variable to your Shield API key\n  \u2192 Restart Codex CLI after saving config.toml\n  \u2192 Verify it's connected: run /mcp in Codex CLI to see your active MCP servers\n  \u2192 Try it: make a request that uses an MCP tool through Shield\n"
+        "\n" + style.bold("Codex CLI (hosted)") + "\n  \u2192 Restart Codex CLI to load the new MCP server config\n  \u2192 Verify it's connected: run /mcp in Codex CLI to see your active MCP servers\n  \u2192 Try it - paste this into Codex:\n    Use the " + codexLabel + " MCP server to list available tools\n"
       );
     }
     if (configuredPlatforms.has("other-mcp")) {
@@ -4660,7 +4738,7 @@ var init_package = __esm({
   "package.json"() {
     package_default = {
       name: "multicorn-shield",
-      version: "1.9.2",
+      version: "1.9.4",
       description: "The control layer for AI agents: permissions, consent, spending limits, and audit logging.",
       license: "MIT",
       author: "Multicorn AI Pty Ltd",

package/dist/multicorn-shield.js

@@ -961,6 +961,68 @@ function getCodexCliHooksInstallDir() {
 function getCodexConfigTomlPath() {
   return join(homedir(), ".codex", "config.toml");
 }
+function escapeTomlDoubleQuotedScalar(value) {
+  return value.replace(/\\/g, "\\\\").replace(/"/g, '\\"');
+}
+function stripCodexMcpServerTomlBlocks(content, serverKey) {
+  const lines = content.split(/\r?\n/);
+  const mainHeader = `[mcp_servers.${serverKey}]`;
+  const headersHeader = `[mcp_servers.${serverKey}.http_headers]`;
+  const out = [];
+  let state = "idle";
+  for (const line of lines) {
+    const t = line.trim();
+    if (state === "idle") {
+      if (t === mainHeader || t === headersHeader) {
+        state = t === headersHeader ? "skip_headers" : "skip_main";
+        continue;
+      }
+      out.push(line);
+    } else if (state === "skip_main") {
+      if (t.startsWith("[") && t.endsWith("]")) {
+        if (t === headersHeader) {
+          state = "skip_headers";
+        } else {
+          state = "idle";
+          out.push(line);
+        }
+      }
+    } else {
+      if (t.startsWith("[") && t.endsWith("]")) {
+        state = "idle";
+        out.push(line);
+      }
+    }
+  }
+  return out.join("\n").trimEnd();
+}
+async function mergeCodexHostedMcpIntoToml(shortName, proxyUrl, apiKey) {
+  const configPath = getCodexConfigTomlPath();
+  let existing = "";
+  try {
+    existing = await readFile(configPath, "utf8");
+  } catch (err) {
+    if (!(isErrnoException(err) && err.code === "ENOENT")) {
+      const detail = err instanceof Error ? err.message : String(err);
+      throw new Error(`Could not read Codex CLI config at ${configPath}: ${detail}`);
+    }
+  }
+  const stripped = stripCodexMcpServerTomlBlocks(existing, shortName);
+  const urlEsc = escapeTomlDoubleQuotedScalar(proxyUrl);
+  const tokenEsc = escapeTomlDoubleQuotedScalar(apiKey);
+  const block = `[mcp_servers.${shortName}]
+url = "${urlEsc}"
+
+[mcp_servers.${shortName}.http_headers]
+Authorization = "Bearer ${tokenEsc}"
+`;
+  const trimmedBase = stripped.trimEnd();
+  const full = (trimmedBase.length > 0 ? `${trimmedBase}
+
+` : "") + block;
+  await mkdir(dirname(configPath), { recursive: true });
+  await writeFile(configPath, full, SECRET_JSON_FILE_OPTIONS);
+}
 function getCodexHooksJsonPath() {
   return join(homedir(), ".codex", "hooks.json");
 }
@@ -2246,7 +2308,20 @@ async function applyHostedProxyMcpConfig(platform, proxyUrl, shortName, apiKey,
         printHostedProxyJsonParseWarning(join(workspacePath, "opencode.json"));
       }
     } else if (platform === "codex-cli") {
-      printPlatformSnippet(platform, proxyUrl, shortName, apiKey);
+      let codexTomlWritten = false;
+      try {
+        await mergeCodexHostedMcpIntoToml(shortName, proxyUrlWithKeyWhenNeeded, apiKey);
+        codexTomlWritten = true;
+        process.stderr.write(
+          style.green("\u2713 ") + "MCP server config written to " + style.cyan(getCodexConfigTomlPath()) + "\n"
+        );
+      } catch (err) {
+        process.stderr.write(
+          `${style.yellow("!")} Could not auto-write config: ${err instanceof Error ? err.message : String(err)}
+`
+        );
+      }
+      printPlatformSnippet(platform, proxyUrl, shortName, apiKey, codexTomlWritten);
       return;
     } else if (platform === "continue-dev") {
       result = await mergeContinueHostedMcp(
@@ -2372,7 +2447,7 @@ async function mergeGooseConfig(shortName, proxyUrl, apiKey) {
   writeMcpAddedLine(shortName, filePath);
   return "ok";
 }
-function printPlatformSnippet(platform, routingToken, shortName, apiKey) {
+function printPlatformSnippet(platform, routingToken, shortName, apiKey, codexCliTomlWritten) {
   const hostedInlinePlatforms = /* @__PURE__ */ new Set([
     "cursor",
     "claude-desktop",
@@ -2486,9 +2561,12 @@ mcpServers:
       2
     );
   } else if (platform === "codex-cli") {
+    const bearerToken = authHeader.startsWith("Bearer ") ? authHeader.slice("Bearer ".length) : authHeader;
     snippetText = `[mcp_servers.${shortName}]
 url = "${urlInSnippet}"
-bearer_token_env_var = "MULTICORN_API_KEY"
+
+[mcp_servers.${shortName}.http_headers]
+Authorization = "Bearer ${bearerToken}"
 `;
   } else {
     const urlKey = platform === "windsurf" ? "serverUrl" : "url";
@@ -2534,11 +2612,15 @@ bearer_token_env_var = "MULTICORN_API_KEY"
       ) + "\n\n"
     );
   } else if (platform === "codex-cli") {
-    process.stderr.write(
-      "\n" + style.dim(
-        "Add this to ~/.codex/config.toml (create the file if it does not exist). Set the MULTICORN_API_KEY environment variable to your Shield API key. Restart Codex CLI after saving."
-      ) + "\n\n"
-    );
+    if (codexCliTomlWritten === true) {
+      process.stderr.write("\n" + style.dim("Added to ~/.codex/config.toml:") + "\n\n");
+    } else {
+      process.stderr.write(
+        "\n" + style.dim(
+          "Add this to ~/.codex/config.toml (create the file if it does not exist). Restart Codex CLI after saving."
+        ) + "\n\n"
+      );
+    }
   } else if (platform === "github-copilot") {
     process.stderr.write(
       "\n" + style.dim(
@@ -3333,11 +3415,6 @@ You have ${String(agentsForPlatform.length)} agent(s) connected for ${selectedLa
             apiKey,
             initWorkspacePath
           );
-          process.stderr.write(
-            "\n" + style.dim(
-              "Add the TOML snippet above to ~/.codex/config.toml. Then set the environment variable:"
-            ) + "\n\n  " + style.cyan(`export MULTICORN_API_KEY="${apiKey}"`) + "\n\n" + style.dim("Restart Codex CLI after saving config.toml.") + "\n"
-          );
           configuredAgents.push({
             selection,
             platform: selectedPlatform,
@@ -3674,8 +3751,9 @@ You have ${String(agentsForPlatform.length)} agent(s) connected for ${selectedLa
       );
     }
     if (codexHostedConfigured) {
+      const codexLabel = mcpPromptLabel2("codex-cli");
       blocks.push(
-        "\n" + style.bold("Codex CLI (hosted)") + "\n  \u2192 Set the MULTICORN_API_KEY environment variable to your Shield API key\n  \u2192 Restart Codex CLI after saving config.toml\n  \u2192 Verify it's connected: run /mcp in Codex CLI to see your active MCP servers\n  \u2192 Try it: make a request that uses an MCP tool through Shield\n"
+        "\n" + style.bold("Codex CLI (hosted)") + "\n  \u2192 Restart Codex CLI to load the new MCP server config\n  \u2192 Verify it's connected: run /mcp in Codex CLI to see your active MCP servers\n  \u2192 Try it - paste this into Codex:\n    Use the " + codexLabel + " MCP server to list available tools\n"
       );
     }
     if (configuredPlatforms.has("other-mcp")) {
@@ -4583,7 +4661,7 @@ async function restoreClaudeDesktopMcpFromBackup() {
 
 // package.json
 var package_default = {
-  version: "1.9.2"};
+  version: "1.9.4"};
 
 // src/package-meta.ts
 var PACKAGE_VERSION = package_default.version;

package/dist/shield-extension.js

@@ -22517,7 +22517,7 @@ async function writeExtensionBackup(claudeDesktopConfigPath, mcpServers) {
 
 // package.json
 var package_default = {
-  version: "1.9.2"};
+  version: "1.9.4"};
 
 // src/package-meta.ts
 var PACKAGE_VERSION = package_default.version;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "multicorn-shield",
-  "version": "1.9.2",
+  "version": "1.9.4",
   "description": "The control layer for AI agents: permissions, consent, spending limits, and audit logging.",
   "license": "MIT",
   "author": "Multicorn AI Pty Ltd",

package/plugins/codex-cli/hooks/scripts/pre-tool-use.cjs

@@ -164,7 +164,7 @@ function openBrowser(url) {
 function sleep(ms) {
   return new Promise((resolve) => setTimeout(resolve, ms));
 }
-async function pollApprovalStatus(config, approvalId) {
+async function pollApprovalStatus(config, approvalId, consentLink) {
   let lastProgressWrite = Date.now();
   for (let i = 0; i < MAX_APPROVAL_POLLS; i++) {
     if (i > 0) {
@@ -172,9 +172,8 @@ async function pollApprovalStatus(config, approvalId) {
     }
     const now = Date.now();
     if (now - lastProgressWrite >= 3e4) {
-      process.stderr.write(
-        "[Shield] Waiting for approval... (open the consent screen in your browser)\n",
-      );
+      process.stderr.write(`[Shield] Waiting for approval... ${consentLink}
+`);
       lastProgressWrite = now;
     }
     let statusCode;
@@ -235,13 +234,16 @@ async function handlePendingWithConsentAndPoll(
   actionType,
   approvalsUrl,
 ) {
+  const consentLink = consentUrl(config.baseUrl, config.agentName, service, actionType);
+  process.stderr.write(`[Shield] Action requires approval. Open: ${consentLink}
+`);
   if (hasConsentMarker(config.agentName)) {
     process.stderr.write(
       `[Shield] Waiting for approval (up to 5 min)...
   Approve in the Shield dashboard: ${approvalsUrl}
 `,
     );
-    const approved2 = await pollApprovalStatus(config, approvalId);
+    const approved2 = await pollApprovalStatus(config, approvalId, consentLink);
     if (approved2) {
       process.exit(0);
     }
@@ -251,13 +253,12 @@ async function handlePendingWithConsentAndPoll(
     );
     process.exit(0);
   }
-  const url = consentUrl(config.baseUrl, config.agentName, service, actionType);
   writeConsentMarker(config.agentName);
-  openBrowser(url);
+  openBrowser(consentLink);
   process.stderr.write(
     "[Shield] Opening Shield consent screen... Waiting for approval (up to 5 min).\n",
   );
-  const approved = await pollApprovalStatus(config, approvalId);
+  const approved = await pollApprovalStatus(config, approvalId, consentLink);
   if (approved) {
     process.exit(0);
   }