npm - multicorn-shield - Versions diffs - 1.9.5 → 1.11.0 - Mend

multicorn-shield 1.9.5 → 1.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/CHANGELOG.md +29 -0
package/README.md +87 -523
package/dist/index.cjs +31 -20
package/dist/index.d.cts +14 -6
package/dist/index.d.ts +14 -6
package/dist/index.js +12 -1
package/dist/multicorn-proxy.js +1600 -160
package/dist/multicorn-shield.js +1590 -163
package/dist/proxy.cjs +2 -0
package/dist/proxy.d.cts +3 -0
package/dist/proxy.d.ts +3 -0
package/dist/proxy.js +2 -0
package/dist/shield-extension.js +3 -1
package/package.json +42 -22
package/plugins/cline/hooks/scripts/post-tool-use.cjs +0 -0
package/plugins/cline/hooks/scripts/pre-tool-use.cjs +0 -0

package/dist/multicorn-proxy.js CHANGED Viewed

@@ -1,15 +1,16 @@
 #!/usr/bin/env node
 import { createHash } from 'crypto';
-import { readFile, mkdir, writeFile, copyFile, chmod, unlink } from 'fs/promises';
-import { dirname, resolve, join, basename, sep } from 'path';
+import { readFile, mkdir, writeFile, copyFile, chmod, rename, rm, unlink } from 'fs/promises';
+import { dirname, resolve, basename, join, sep } from 'path';
 import { homedir } from 'os';
-import { spawn } from 'child_process';
-import { readFileSync, existsSync, statSync } from 'fs';
+import { spawn, spawnSync } from 'child_process';
+import { existsSync, readFileSync, mkdirSync, openSync, realpathSync, unlinkSync, writeFileSync, statSync, readdirSync } from 'fs';
 import { fileURLToPath } from 'url';
 import { createRequire } from 'module';
 import { createInterface } from 'readline';
 import { parse, stringify } from 'yaml';
 import 'stream';
+import { createConnection } from 'net';
 var __defProp = Object.defineProperty;
 var __getOwnPropNames = Object.getOwnPropertyNames;
@@ -235,6 +236,7 @@ async function fetchGrantedScopes(agentId, apiKey, baseUrl) {
     if (perm.revoked_at !== null) continue;
     if (perm.read) scopes.push({ service: perm.service, permissionLevel: "read" });
     if (perm.write) scopes.push({ service: perm.service, permissionLevel: "write" });
+    if (perm.delete === true) scopes.push({ service: perm.service, permissionLevel: "delete" });
     if (perm.execute) scopes.push({ service: perm.service, permissionLevel: "execute" });
   }
   return scopes;
@@ -324,7 +326,7 @@ function detectScopeHints() {
   return [];
 }
 function sleep(ms) {
-  return new Promise((resolve2) => setTimeout(resolve2, ms));
+  return new Promise((resolve3) => setTimeout(resolve3, ms));
 }
 function isApiSuccessResponse(value) {
   if (typeof value !== "object" || value === null) return false;
@@ -1878,6 +1880,17 @@ async function warnIfApiKeyFileNotGitignored(workspaceRoot, relativePosixPath) {
     style.yellow("\u26A0") + " Config contains your API key. Add " + style.cyan(norm) + " to .gitignore to avoid committing credentials.\n"
   );
 }
+async function writeFileAtomic(filePath, body) {
+  await mkdir(dirname(filePath), { recursive: true });
+  const tmp = `${filePath}.${String(process.pid)}.${String(Date.now())}.tmp`;
+  try {
+    await writeFile(tmp, body, SECRET_JSON_FILE_OPTIONS);
+    await rename(tmp, filePath);
+  } catch (e) {
+    await rm(tmp, { force: true }).catch(() => void 0);
+    throw e;
+  }
+}
 async function mergeTopLevelKeyedJsonFile(filePath, topLevelKey, shortName, entry, options) {
   let root = {};
   try {
@@ -1902,21 +1915,25 @@ async function mergeTopLevelKeyedJsonFile(filePath, topLevelKey, shortName, entr
     }
   }
   const bucketRaw = root[topLevelKey];
-  const bucket = typeof bucketRaw === "object" && bucketRaw !== null && !Array.isArray(bucketRaw) ? { ...bucketRaw } : {};
-  if (options.onExisting === "skip" && bucket[shortName] !== void 0) {
+  const existingBucket = typeof bucketRaw === "object" && bucketRaw !== null && !Array.isArray(bucketRaw) ? bucketRaw : {};
+  if (options.onExisting === "skip" && existingBucket[shortName] !== void 0) {
     return "unchanged";
   }
+  const staleKeys = new Set((options.removeKeys ?? []).filter((k) => k !== shortName));
+  const bucket = Object.fromEntries(
+    Object.entries(existingBucket).filter(([k]) => !staleKeys.has(k))
+  );
   bucket[shortName] = entry;
   root[topLevelKey] = bucket;
-  await mkdir(dirname(filePath), { recursive: true });
-  await writeFile(filePath, JSON.stringify(root, null, 2) + "\n", SECRET_JSON_FILE_OPTIONS);
+  await writeFileAtomic(filePath, JSON.stringify(root, null, 2) + "\n");
   writeMcpAddedLine(shortName, filePath);
   return "ok";
 }
-async function mergeMcpServersObjectStyle(filePath, shortName, entry) {
+async function mergeMcpServersObjectStyle(filePath, shortName, entry, removeKeys) {
   const result = await mergeTopLevelKeyedJsonFile(filePath, "mcpServers", shortName, entry, {
     stripJsonComments: false,
-    onExisting: "overwrite"
+    onExisting: "overwrite",
+    removeKeys
   });
   return result === "parse-error" ? "parse-error" : "ok";
 }
@@ -2188,8 +2205,7 @@ async function applyHostedProxyMcpConfig(platform, proxyUrl, shortName, apiKey,
       }
     } else if (platform === "cline") {
       result = await mergeMcpServersObjectStyle(getClineMcpSettingsPath(), shortName, {
-        url: proxyUrlWithKeyWhenNeeded,
-        headers: { Authorization: authHeader }
+        url: proxyUrlWithKeyWhenNeeded
       });
       if (result === "parse-error") {
         printHostedProxyJsonParseWarning(getClineMcpSettingsPath());
@@ -2477,7 +2493,17 @@ Authorization = "Bearer ${bearerToken}"
 `;
   } else {
     const urlKey = platform === "windsurf" ? "serverUrl" : "url";
-    snippetText = JSON.stringify(
+    snippetText = platform === "cline" ? JSON.stringify(
+      {
+        mcpServers: {
+          [shortName]: {
+            [urlKey]: urlInSnippet
+          }
+        }
+      },
+      null,
+      2
+    ) : JSON.stringify(
       {
         mcpServers: {
           [shortName]: {
@@ -2642,8 +2668,8 @@ async function runInit(explicitBaseUrl, options) {
     process.exit(1);
   }
   const rl = createInterface({ input: process.stdin, output: process.stderr });
-  const ask = (question) => new Promise((resolve2) => {
-    rl.question(question, resolve2);
+  const ask = (question) => new Promise((resolve3) => {
+    rl.question(question, resolve3);
   });
   process.stderr.write("\n" + BANNER + "\n");
   process.stderr.write(style.dim("Agent governance for the AI era") + "\n\n");
@@ -3673,7 +3699,254 @@ You have ${String(agentsForPlatform.length)} agent(s) connected for ${selectedLa
   }
   return lastConfig;
 }
-var SECRET_JSON_FILE_OPTIONS, style, BANNER, NativePluginPrerequisiteMissingError, CONFIG_DIR, CONFIG_PATH, OPENCLAW_CONFIG_PATH, ANSI_PATTERN, UPSTREAM_AUTH_KNOWN_SCHEME_WITH_PAYLOAD, OPENCLAW_MIN_VERSION, INIT_WIZARD_PLATFORM_REGISTRY, INIT_WIZARD_MENU_SECTIONS, INIT_WIZARD_SELECTION_MAX, INIT_EXISTING_AGENTS_PLATFORM_ACTIONS, PLATFORM_BY_SELECTION, HOSTED_PROXY_PLATFORMS_WITH_URL_KEY, OPENCODE_CONFIG_SCHEMA_URL, DEFAULT_SHIELD_API_BASE_URL;
+function clientDisplayName(client) {
+  return CLIENT_DISPLAY_NAMES[client];
+}
+function clientReloadInstruction(client) {
+  return CLIENT_RELOAD_INSTRUCTIONS[client];
+}
+function clientConfigPath(client, workspacePath) {
+  switch (client) {
+    case "cursor":
+      return getCursorMcpJsonPath();
+    case "cline":
+      return getClineMcpSettingsPath();
+    case "windsurf":
+      return getWindsurfMcpConfigPath();
+    case "claude":
+      return getClaudeDesktopConfigPath();
+    case "goose":
+      return join(homedir(), ".config", "goose", "config.yaml");
+    case "gemini":
+      return join(homedir(), ".gemini", "settings.json");
+    case "codex":
+      return join(homedir(), ".codex", "config.toml");
+    case "copilot":
+      return join(workspacePath ?? ".", ".vscode", "mcp.json");
+    case "continue":
+      return join(workspacePath ?? ".", ".continue", "mcpServers");
+    case "kilo":
+      return join(workspacePath ?? ".", ".kilo", "kilo.jsonc");
+    case "opencode":
+      return join(workspacePath ?? ".", "opencode.json");
+  }
+}
+function detectInstalledClients() {
+  const found = [];
+  const homeClients = [
+    "cursor",
+    "cline",
+    "windsurf",
+    "claude",
+    "goose",
+    "gemini",
+    "codex"
+  ];
+  for (const client of homeClients) {
+    const p = clientConfigPath(client);
+    if (existsSync(p)) {
+      found.push(client);
+    } else {
+      const dir = dirname(p);
+      if (existsSync(dir)) {
+        found.push(client);
+      }
+    }
+  }
+  return found;
+}
+async function writeLocalMcpEntry(client, agentName, localProxyUrl, apiKey, workspacePath) {
+  const filePath = clientConfigPath(client, workspacePath);
+  const entryKey = agentName;
+  const legacyKeys = [`${agentName}-files`];
+  if (apiKey.trim().length === 0) {
+    process.stderr.write(
+      style.yellow("\u26A0") + ` Refusing to write MCP config for "${agentName}": missing API key. Left the config file unchanged.
+`
+    );
+    return null;
+  }
+  const authHeader = `Bearer ${apiKey}`;
+  const url = shouldEmbedKeyInHostedProxyUrl(CODING_CLIENT_TO_PLATFORM[client]) ? hostedProxyUrlWithKeyParam(localProxyUrl, apiKey) : localProxyUrl;
+  switch (client) {
+    case "cursor":
+      return await mergeMcpServersObjectStyle(
+        filePath,
+        entryKey,
+        {
+          url,
+          headers: { Authorization: authHeader }
+        },
+        legacyKeys
+      ) === "ok" ? filePath : null;
+    case "cline":
+      return await mergeMcpServersObjectStyle(
+        filePath,
+        entryKey,
+        {
+          url
+        },
+        legacyKeys
+      ) === "ok" ? filePath : null;
+    case "windsurf":
+      return await mergeMcpServersObjectStyle(
+        filePath,
+        entryKey,
+        {
+          serverUrl: url,
+          headers: { Authorization: authHeader }
+        },
+        legacyKeys
+      ) === "ok" ? filePath : null;
+    case "claude":
+      return await mergeMcpServersObjectStyle(
+        filePath,
+        entryKey,
+        {
+          url,
+          headers: { Authorization: authHeader }
+        },
+        legacyKeys
+      ) === "ok" ? filePath : null;
+    case "gemini": {
+      return await mergeMcpServersObjectStyle(
+        filePath,
+        entryKey,
+        {
+          httpUrl: url,
+          headers: { Authorization: authHeader }
+        },
+        legacyKeys
+      ) === "ok" ? filePath : null;
+    }
+    case "copilot": {
+      const result = await mergeTopLevelKeyedJsonFile(
+        filePath,
+        "servers",
+        entryKey,
+        { type: "http", url, headers: { Authorization: authHeader } },
+        { stripJsonComments: false, onExisting: "overwrite", removeKeys: legacyKeys }
+      );
+      return result === "ok" ? filePath : null;
+    }
+    case "goose": {
+      const goosePath = filePath;
+      let content = "";
+      try {
+        content = await readFile(goosePath, "utf8");
+      } catch (e) {
+        if (isErrnoException(e) && e.code === "ENOENT") {
+          content = "";
+        } else {
+          return null;
+        }
+      }
+      let root;
+      try {
+        const data = content.trim().length === 0 ? {} : parse(content);
+        if (data === null || typeof data !== "object" || Array.isArray(data)) return null;
+        root = data;
+      } catch {
+        return null;
+      }
+      const extensionsRaw = root["extensions"];
+      let extensions;
+      if (isYamlPlainObject(extensionsRaw)) {
+        extensions = { ...extensionsRaw };
+      } else if (extensionsRaw === void 0) {
+        extensions = {};
+      } else {
+        return null;
+      }
+      extensions[entryKey] = {
+        enabled: true,
+        type: "streamable_http",
+        name: entryKey,
+        description: "",
+        uri: url,
+        envs: {},
+        env_keys: [],
+        headers: { Authorization: authHeader },
+        timeout: 300,
+        socket: null,
+        bundled: null,
+        available_tools: []
+      };
+      root["extensions"] = extensions;
+      const out = stringify(root, { indent: 2, lineWidth: 0 });
+      const body = out.endsWith("\n") ? out : `${out}
+`;
+      await mkdir(dirname(goosePath), { recursive: true });
+      await writeFile(goosePath, body, SECRET_JSON_FILE_OPTIONS);
+      return goosePath;
+    }
+    case "codex": {
+      const codexPath = filePath;
+      let existing = "";
+      try {
+        existing = await readFile(codexPath, "utf8");
+      } catch (e) {
+        if (isErrnoException(e) && e.code === "ENOENT") {
+          existing = "";
+        } else {
+          return null;
+        }
+      }
+      const sectionHeader = `[mcp_servers.${entryKey}]`;
+      const sectionBlock = `${sectionHeader}
+type = "http"
+url = "${url}"
+[mcp_servers.${entryKey}.http_headers]
+Authorization = "${authHeader}"
+`;
+      if (existing.includes(sectionHeader)) {
+        const idx = existing.indexOf(sectionHeader);
+        const nextSection = existing.indexOf("\n[", idx + sectionHeader.length);
+        const before = existing.slice(0, idx);
+        const after = nextSection >= 0 ? existing.slice(nextSection + 1) : "";
+        existing = before + sectionBlock + (after.length > 0 ? "\n" + after : "");
+      } else {
+        existing = existing.trimEnd() + "\n\n" + sectionBlock;
+      }
+      await mkdir(dirname(codexPath), { recursive: true });
+      await writeFile(codexPath, existing, SECRET_JSON_FILE_OPTIONS);
+      return codexPath;
+    }
+    case "continue": {
+      const dir = join(workspacePath ?? ".", ".continue", "mcpServers");
+      const continuePath = join(dir, `${entryKey}.yaml`);
+      const yamlContent = stringify(
+        { name: entryKey, type: "streamableHttp", url },
+        { indent: 2, lineWidth: 0 }
+      );
+      await mkdir(dir, { recursive: true });
+      await writeFile(continuePath, yamlContent, SECRET_JSON_FILE_OPTIONS);
+      return continuePath;
+    }
+    case "kilo": {
+      const result = await mergeTopLevelKeyedJsonFile(
+        filePath,
+        "mcp",
+        entryKey,
+        { url, headers: { Authorization: authHeader } },
+        { stripJsonComments: true, onExisting: "overwrite", removeKeys: legacyKeys }
+      );
+      return result === "ok" ? filePath : null;
+    }
+    case "opencode": {
+      const result = await mergeTopLevelKeyedJsonFile(
+        filePath,
+        "mcp",
+        entryKey,
+        { type: "streamablehttp", url, headers: { Authorization: authHeader } },
+        { stripJsonComments: false, onExisting: "overwrite", removeKeys: legacyKeys }
+      );
+      return result === "ok" ? filePath : null;
+    }
+  }
+}
+var SECRET_JSON_FILE_OPTIONS, style, BANNER, NativePluginPrerequisiteMissingError, CONFIG_DIR, CONFIG_PATH, OPENCLAW_CONFIG_PATH, ANSI_PATTERN, UPSTREAM_AUTH_KNOWN_SCHEME_WITH_PAYLOAD, OPENCLAW_MIN_VERSION, INIT_WIZARD_PLATFORM_REGISTRY, INIT_WIZARD_MENU_SECTIONS, INIT_WIZARD_SELECTION_MAX, INIT_EXISTING_AGENTS_PLATFORM_ACTIONS, PLATFORM_BY_SELECTION, HOSTED_PROXY_PLATFORMS_WITH_URL_KEY, OPENCODE_CONFIG_SCHEMA_URL, DEFAULT_SHIELD_API_BASE_URL, CODING_CLIENTS, CLIENT_DISPLAY_NAMES, CLIENT_RELOAD_INSTRUCTIONS, CODING_CLIENT_TO_PLATFORM;
 var init_config = __esm({
   "src/proxy/config.ts"() {
     init_consent();
@@ -3788,10 +4061,63 @@ var init_config = __esm({
       "github-copilot",
       "kilo-code",
       "continue-dev",
-      "goose"
+      "goose",
+      "cline"
     ]);
     OPENCODE_CONFIG_SCHEMA_URL = "https://opencode.ai/config.json";
     DEFAULT_SHIELD_API_BASE_URL = "https://api.multicorn.ai";
+    CODING_CLIENTS = [
+      "cursor",
+      "cline",
+      "windsurf",
+      "claude",
+      "copilot",
+      "goose",
+      "gemini",
+      "codex",
+      "continue",
+      "kilo",
+      "opencode"
+    ];
+    CLIENT_DISPLAY_NAMES = {
+      cursor: "Cursor",
+      cline: "Cline",
+      windsurf: "Windsurf",
+      claude: "Claude Desktop",
+      copilot: "GitHub Copilot",
+      goose: "Goose",
+      gemini: "Gemini CLI",
+      codex: "Codex CLI",
+      continue: "Continue",
+      kilo: "Kilo Code",
+      opencode: "OpenCode"
+    };
+    CLIENT_RELOAD_INSTRUCTIONS = {
+      cursor: "Restart Cursor or reload the window to pick up the new server.",
+      cline: "Cline picks up config changes automatically.",
+      windsurf: "Restart Windsurf to pick up the new server.",
+      claude: "Restart Claude Desktop to pick up the new server.",
+      copilot: "Reload the VS Code window (Cmd+Shift+P > Reload Window).",
+      goose: "Restart Goose to pick up the new extension.",
+      gemini: "Restart Gemini CLI to pick up the new server.",
+      codex: "Restart Codex CLI to pick up the new server.",
+      continue: "Continue picks up config changes automatically.",
+      kilo: "Kilo Code picks up config changes automatically.",
+      opencode: "Restart OpenCode to pick up the new server."
+    };
+    CODING_CLIENT_TO_PLATFORM = {
+      cursor: "cursor",
+      cline: "cline",
+      windsurf: "windsurf",
+      claude: "claude-desktop",
+      copilot: "github-copilot",
+      goose: "goose",
+      gemini: "gemini-cli",
+      codex: "codex-cli",
+      continue: "continue-dev",
+      kilo: "kilo-code",
+      opencode: "opencode"
+    };
   }
 });
@@ -3802,6 +4128,7 @@ var init_types = __esm({
     PERMISSION_LEVELS = {
       Read: "read",
       Write: "write",
+      Delete: "delete",
       Execute: "execute",
       Publish: "publish",
       Create: "create"
@@ -4024,7 +4351,7 @@ function createActionLogger(config) {
   };
 }
 function sleep2(ms) {
-  return new Promise((resolve2) => setTimeout(resolve2, ms));
+  return new Promise((resolve3) => setTimeout(resolve3, ms));
 }
 var init_action_logger = __esm({
   "src/logger/action-logger.ts"() {
@@ -4592,9 +4919,9 @@ function createProxyServer(config) {
       timer.unref();
     }
     config.logger.info("Proxy ready.", { agent: config.agentName });
-    return new Promise((resolve2) => {
+    return new Promise((resolve3) => {
       childProcess.on("exit", () => {
-        resolve2();
+        resolve3();
       });
     });
   }
@@ -4735,7 +5062,7 @@ var init_package = __esm({
   "package.json"() {
     package_default = {
       name: "multicorn-shield",
-      version: "1.9.5",
+      version: "1.11.0",
       description: "The control layer for AI agents: permissions, consent, spending limits, and audit logging.",
       license: "MIT",
       author: "Multicorn AI Pty Ltd",
@@ -4826,8 +5153,11 @@ var init_package = __esm({
         ]
       },
       dependencies: {
+        "@lit/reactive-element": "^2.0.0",
         "@modelcontextprotocol/sdk": "^1.27.1",
+        "@modelcontextprotocol/server-filesystem": "^2026.1.14",
         lit: "^3.2.0",
+        supergateway: "^3.4.3",
         yaml: "^2.8.2",
         zod: "^4.3.6"
       },
@@ -4888,7 +5218,7 @@ var init_package = __esm({
       ],
       repository: {
         type: "git",
-        url: "git+https://github.com/Multicorn-AI/multicorn-shield.git"
+        url: "https://github.com/Multicorn-AI/multicorn-shield"
       },
       bugs: {
         url: "https://github.com/Multicorn-AI/multicorn-shield/issues"
@@ -4902,8 +5232,11 @@ var init_package = __esm({
           rollup: ">=4.59.0",
           picomatch: ">=4.0.4",
           "path-to-regexp": ">=8.4.0",
+          "express>path-to-regexp": ">=0.1.13",
           "node-forge": ">=1.4.0",
-          "fast-uri": ">=3.1.2"
+          "fast-uri": ">=3.1.2",
+          hono: ">=4.12.25",
+          ws: ">=8.21.0"
         }
       }
     };
@@ -4918,151 +5251,1210 @@ var init_package_meta = __esm({
     PACKAGE_VERSION = package_default.version;
   }
 });
+function pidfilePath(agent) {
+  return join(PIDFILE_DIR, `files-${agent}.pid`);
+}
+function writePidfile(data) {
+  mkdirSync(PIDFILE_DIR, { recursive: true, mode: 448 });
+  writeFileSync(pidfilePath(data.agent), JSON.stringify(data), {
+    encoding: "utf8",
+    mode: 384
+  });
+}
+function readPidfile(agent) {
+  const p = pidfilePath(agent);
+  if (!existsSync(p)) return null;
+  try {
+    return JSON.parse(readFileSync(p, "utf8"));
+  } catch {
+    return null;
+  }
+}
+function removePidfile(agent) {
+  const p = pidfilePath(agent);
+  try {
+    unlinkSync(p);
+  } catch {
+  }
+}
+function isProcessAlive(pid) {
+  try {
+    process.kill(pid, 0);
+    return true;
+  } catch {
+    return false;
+  }
+}
+function listAllPidfiles() {
+  if (!existsSync(PIDFILE_DIR)) return [];
+  const files = readdirSync(PIDFILE_DIR).filter(
+    (f) => f.startsWith("files-") && f.endsWith(".pid")
+  );
+  const results = [];
+  for (const f of files) {
+    try {
+      const data = JSON.parse(readFileSync(join(PIDFILE_DIR, f), "utf8"));
+      results.push(data);
+    } catch {
+    }
+  }
+  return results;
+}
+function runStatus() {
+  const sessions = listAllPidfiles();
+  if (sessions.length === 0) {
+    process.stderr.write("No active file-sharing sessions.\n");
+    return;
+  }
+  const proxyReg = readProxyRegistry();
+  const fsReg = readFsRegistry();
+  process.stderr.write("Active sessions:\n\n");
+  for (const s of sessions) {
+    const supervisorAlive = typeof s.supervisorPid === "number" && isProcessAlive(s.supervisorPid);
+    const fsEntry = fsReg[s.dir];
+    const fsAlive = fsEntry !== void 0 && isProcessAlive(fsEntry.pid);
+    const proxyAlive = proxyReg !== null && proxyReg.port === s.proxyPort && isProcessAlive(proxyReg.pid);
+    const agentStatus = supervisorAlive ? style2.green("running") : style2.dim("stopped");
+    process.stderr.write(`  ${style2.bold(s.agent)} ${agentStatus}
+`);
+    process.stderr.write(`    Folder: ${s.dir || "(unknown)"}
+`);
+    process.stderr.write(
+      `    FS server: :${String(s.fsPort)} ${fsAlive ? style2.green("running") : style2.dim("stopped")}
+`
+    );
+    process.stderr.write(
+      `    Proxy: :${String(s.proxyPort)} ${proxyAlive ? style2.green("running") : style2.dim("stopped")}
+`
+    );
+    process.stderr.write("\n");
+    if (!supervisorAlive) {
+      removePidfile(s.agent);
+      process.stderr.write(style2.dim(`    (cleaned up stale pidfile)
-// bin/multicorn-shield.ts
-var multicorn_shield_exports = {};
-__export(multicorn_shield_exports, {
-  parseArgs: () => parseArgs,
-  resolveWrapConfig: () => resolveWrapConfig,
-  runCli: () => runCli
-});
-function parseArgs(argv) {
-  const args = argv.slice(2);
-  let subcommand = "help";
-  let wrapCommand = "";
-  let wrapArgs = [];
-  let logLevel = "info";
-  let baseUrl = void 0;
-  let dashboardUrl = "";
-  let agentName = "";
-  let deleteAgentName = "";
-  let apiKey = void 0;
-  let verbose = false;
-  for (let i = 0; i < args.length; i++) {
-    const arg = args[i];
-    if (arg === "init") {
-      subcommand = "init";
-    } else if (arg === "agents") {
-      subcommand = "agents";
-    } else if (arg === "delete-agent") {
-      subcommand = "delete-agent";
-      const name = args[i + 1];
-      if (name === void 0 || name.startsWith("-")) {
-        process.stderr.write("Error: delete-agent requires an agent name.\n");
-        process.stderr.write("Example: npx multicorn-shield delete-agent my-agent\n");
-        process.exit(1);
-      }
-      deleteAgentName = name;
-      i++;
-    } else if (arg === "--wrap") {
-      subcommand = "wrap";
-      const tail = args.slice(i + 1);
-      const remaining = [];
-      for (let j = 0; j < tail.length; j++) {
-        const token = tail[j];
-        if (token === void 0) continue;
-        if (remaining.length > 0) {
-          remaining.push(token);
-          continue;
-        }
-        if (token === "--agent-name") {
-          const value = tail[j + 1];
-          if (value !== void 0) {
-            agentName = value;
-            j++;
-          }
-        } else if (token === "--log-level") {
-          const value = tail[j + 1];
-          if (value !== void 0 && isValidLogLevel(value)) {
-            logLevel = value;
-            j++;
-          }
-        } else if (token === "--base-url") {
-          const value = tail[j + 1];
-          if (value !== void 0) {
-            baseUrl = value;
-            j++;
-          }
-        } else if (token === "--dashboard-url") {
-          const value = tail[j + 1];
-          if (value !== void 0) {
-            dashboardUrl = value;
-            j++;
-          }
-        } else if (token === "--api-key") {
-          const value = tail[j + 1];
-          if (value !== void 0) {
-            apiKey = value;
-            j++;
-          }
-        } else {
-          remaining.push(token);
-        }
-      }
-      if (remaining.length === 0) {
-        process.stderr.write("Error: --wrap requires a command to run.\n");
-        process.stderr.write("Example: npx multicorn-shield --wrap my-mcp-server\n");
-        process.exit(1);
-      }
-      wrapCommand = remaining[0] ?? "";
-      wrapArgs = remaining.slice(1);
-      break;
-    } else if (arg === "--log-level") {
-      const next = args[i + 1];
-      if (next !== void 0 && isValidLogLevel(next)) {
-        logLevel = next;
-        i++;
-      }
-    } else if (arg === "--base-url") {
-      const next = args[i + 1];
-      if (next !== void 0) {
-        baseUrl = next;
-        i++;
-      }
-    } else if (arg === "--dashboard-url") {
-      const next = args[i + 1];
-      if (next !== void 0) {
-        dashboardUrl = next;
-        i++;
-      }
-    } else if (arg === "--agent-name") {
-      const next = args[i + 1];
-      if (next !== void 0) {
-        agentName = next;
-        i++;
-      }
-    } else if (arg === "--api-key") {
-      const next = args[i + 1];
-      if (next !== void 0) {
-        apiKey = next;
-        i++;
-      }
-    } else if (arg === "--verbose" || arg === "--debug") {
-      verbose = true;
+`));
     }
   }
-  return {
-    subcommand,
-    wrapCommand,
-    wrapArgs,
-    logLevel,
-    baseUrl,
-    dashboardUrl,
-    agentName,
-    deleteAgentName,
-    apiKey,
-    verbose
-  };
 }
-function printHelp() {
-  process.stderr.write(
-    [
-      "multicorn-shield: MCP permission proxy and Shield setup",
+async function isPortListening(port) {
+  return new Promise((resolve3) => {
+    const sock = createConnection({ port, host: "127.0.0.1" });
+    sock.once("connect", () => {
+      sock.destroy();
+      resolve3(true);
+    });
+    sock.once("error", () => {
+      sock.destroy();
+      resolve3(false);
+    });
+  });
+}
+async function probeProxyHealth(port) {
+  try {
+    const resp = await fetch(`http://127.0.0.1:${String(port)}/health`, {
+      signal: AbortSignal.timeout(2e3)
+    });
+    return resp.ok;
+  } catch {
+    return false;
+  }
+}
+async function readProxyVersion(port) {
+  try {
+    const resp = await fetch(`http://127.0.0.1:${String(port)}/health`, {
+      signal: AbortSignal.timeout(2e3)
+    });
+    if (!resp.ok) return null;
+    const body = await resp.json();
+    return typeof body.version === "string" && body.version.length > 0 ? body.version : null;
+  } catch {
+    return null;
+  }
+}
+function sleep3(ms) {
+  return new Promise((r) => setTimeout(r, ms));
+}
+function readJsonFile(path) {
+  if (!existsSync(path)) return null;
+  try {
+    return JSON.parse(readFileSync(path, "utf8"));
+  } catch {
+    return null;
+  }
+}
+function writeJsonFile(path, data) {
+  mkdirSync(PIDFILE_DIR, { recursive: true, mode: 448 });
+  writeFileSync(path, JSON.stringify(data), { encoding: "utf8", mode: 384 });
+}
+function readProxyRegistry() {
+  return readJsonFile(PROXY_REGISTRY);
+}
+function readFsRegistry() {
+  return readJsonFile(FS_REGISTRY) ?? {};
+}
+function canonicalFolder(dir) {
+  const abs = resolve(dir);
+  try {
+    return realpathSync(abs);
+  } catch {
+    return abs;
+  }
+}
+function readLock() {
+  return readJsonFile(LOCK_PATH);
+}
+function isLockStale(holder, now = Date.now()) {
+  if (holder === null) return true;
+  if (!isProcessAlive(holder.pid)) return true;
+  return now - holder.ts > LOCK_STALE_MS;
+}
+async function acquireResourceLock() {
+  mkdirSync(PIDFILE_DIR, { recursive: true, mode: 448 });
+  const deadline = Date.now() + LOCK_WAIT_MS;
+  for (; ; ) {
+    try {
+      writeFileSync(LOCK_PATH, JSON.stringify({ pid: process.pid, ts: Date.now() }), {
+        encoding: "utf8",
+        mode: 384,
+        flag: "wx"
+      });
+      return;
+    } catch {
+      const holder = readLock();
+      if (isLockStale(holder)) {
+        try {
+          unlinkSync(LOCK_PATH);
+        } catch {
+        }
+        continue;
+      }
+      if (Date.now() > deadline) {
+        try {
+          unlinkSync(LOCK_PATH);
+        } catch {
+        }
+        continue;
+      }
+      await sleep3(100);
+    }
+  }
+}
+function releaseResourceLock() {
+  const holder = readLock();
+  if (holder !== null && holder.pid === process.pid) {
+    try {
+      unlinkSync(LOCK_PATH);
+    } catch {
+    }
+  }
+}
+async function withResourceLock(fn) {
+  await acquireResourceLock();
+  try {
+    return await fn();
+  } finally {
+    releaseResourceLock();
+  }
+}
+function liveAgents() {
+  return listAllPidfiles().filter(
+    (p) => typeof p.supervisorPid === "number" && isProcessAlive(p.supervisorPid)
+  );
+}
+function agentsReferencingProxy(proxyPort, agents, excludeAgent) {
+  return agents.filter((a) => a.agent !== excludeAgent && a.proxyPort === proxyPort);
+}
+function agentsReferencingFolder(folder, agents, excludeAgent) {
+  return agents.filter((a) => a.agent !== excludeAgent && a.dir === folder);
+}
+async function nextFreePort(start, claimed, isBusy, range = FS_PORT_SCAN_RANGE) {
+  for (let port = start; port < start + range; port++) {
+    if (claimed.has(port)) continue;
+    if (await isBusy(port)) continue;
+    return port;
+  }
+  throw new Error(
+    `No free port for the filesystem server in range ${String(start)}-${String(start + range)}.`
+  );
+}
+async function resolveConfig(opts) {
+  const fromFlag = opts.apiKey;
+  if (fromFlag && fromFlag.length > 0) {
+    return {
+      apiKey: fromFlag,
+      baseUrl: opts.baseUrl ?? DEFAULT_SHIELD_API_BASE_URL
+    };
+  }
+  const envKey = process.env["MULTICORN_API_KEY"];
+  if (typeof envKey === "string" && envKey.length > 0) {
+    return {
+      apiKey: envKey,
+      baseUrl: opts.baseUrl ?? DEFAULT_SHIELD_API_BASE_URL
+    };
+  }
+  const config = await loadConfig();
+  if (config !== null) {
+    return {
+      apiKey: config.apiKey,
+      baseUrl: opts.baseUrl ?? config.baseUrl
+    };
+  }
+  process.stderr.write(
+    "No API key found. Pass --api-key <key> or add it to ~/.multicorn/config.json.\n"
+  );
+  process.exit(1);
+}
+function startFsServerDetached(realDir, port) {
+  mkdirSync(PIDFILE_DIR, { recursive: true, mode: 448 });
+  const logFile = join(PIDFILE_DIR, `fs-${String(port)}.log`);
+  const out = openSync(logFile, "a");
+  const err = openSync(logFile, "a");
+  const child = spawn(
+    "npx",
+    [
+      "supergateway",
+      // Serve the child over streamable HTTP at /mcp. Without this, supergateway
+      // defaults to SSE (/sse + /message), but the proxy registers the target as
+      // /mcp - the mismatch makes every request 404 with "Cannot POST /mcp".
+      "--outputTransport",
+      "streamableHttp",
+      "--stdio",
+      `npx @modelcontextprotocol/server-filesystem ${realDir}`,
+      "--port",
+      String(port)
+    ],
+    {
+      stdio: ["ignore", out, err],
+      detached: true,
+      env: { ...process.env }
+    }
+  );
+  child.unref();
+  return child;
+}
+function startLocalProxyDetached(port, apiBaseUrl) {
+  mkdirSync(PIDFILE_DIR, { recursive: true, mode: 448 });
+  const logFile = join(PIDFILE_DIR, "proxy.log");
+  const out = openSync(logFile, "a");
+  const err = openSync(logFile, "a");
+  const child = spawn("npx", ["multicorn-proxy"], {
+    stdio: ["ignore", out, err],
+    detached: true,
+    env: {
+      ...process.env,
+      PORT: String(port),
+      HOST: "127.0.0.1",
+      SHIELD_API_BASE_URL: apiBaseUrl,
+      // SAFETY: blanket-allow for private targets is acceptable ONLY because
+      // this is a local single-user proxy. The only registered target is the
+      // filesystem server on the same machine. Do NOT copy this pattern to a
+      // multi-tenant or hosted proxy deployment.
+      ALLOW_PRIVATE_TARGETS: "true"
+    }
+  });
+  child.unref();
+  return child;
+}
+async function ensureProxy(proxyPort, apiBaseUrl) {
+  if (await probeProxyHealth(proxyPort)) {
+    const reg2 = readProxyRegistry();
+    const managed = reg2 !== null && reg2.port === proxyPort && isProcessAlive(reg2.pid);
+    return { reused: true, managed };
+  }
+  const reg = readProxyRegistry();
+  if (reg !== null && !isProcessAlive(reg.pid)) {
+    try {
+      unlinkSync(PROXY_REGISTRY);
+    } catch {
+    }
+  }
+  if (await isPortListening(proxyPort)) {
+    throw new Error(
+      `A server is already running on port ${String(proxyPort)} but it's not a healthy Shield proxy. Stop it or re-run with --proxy-port <n>.`
+    );
+  }
+  const child = startLocalProxyDetached(proxyPort, apiBaseUrl);
+  for (let i = 0; i < 30; i++) {
+    await sleep3(500);
+    if (await probeProxyHealth(proxyPort)) {
+      if (child.pid !== void 0) {
+        writeJsonFile(PROXY_REGISTRY, { pid: child.pid, port: proxyPort });
+      }
+      return { reused: false, managed: true };
+    }
+  }
+  try {
+    if (child.pid !== void 0) killWithEscalation(child.pid, true);
+  } catch {
+  }
+  throw new Error(
+    `Could not start the local proxy on port ${String(proxyPort)}. Check the log at ${join(PIDFILE_DIR, "proxy.log")}.`
+  );
+}
+async function ensureFsServer(realDir, requestedPort) {
+  const reg = readFsRegistry();
+  const existing = reg[realDir];
+  if (existing !== void 0 && isProcessAlive(existing.pid) && await isPortListening(existing.port)) {
+    return { port: existing.port, reused: true };
+  }
+  if (existing !== void 0) {
+    const rest = Object.fromEntries(Object.entries(reg).filter(([k]) => k !== realDir));
+    writeJsonFile(FS_REGISTRY, rest);
+  }
+  let port;
+  if (requestedPort !== void 0) {
+    if (await isPortListening(requestedPort)) {
+      throw new Error(
+        `A server is already running on port ${String(requestedPort)}. Re-run without --port to auto-pick a free port, or choose another.`
+      );
+    }
+    port = requestedPort;
+  } else {
+    const claimed = new Set(Object.values(readFsRegistry()).map((e) => e.port));
+    port = await nextFreePort(DEFAULT_FS_PORT, claimed, isPortListening);
+  }
+  const child = startFsServerDetached(realDir, port);
+  let ready = false;
+  for (let i = 0; i < 20; i++) {
+    await sleep3(500);
+    if (await isPortListening(port)) {
+      ready = true;
+      break;
+    }
+  }
+  if (!ready) {
+    try {
+      if (child.pid !== void 0) killWithEscalation(child.pid, true);
+    } catch {
+    }
+    throw new Error(
+      `Filesystem server failed to start on port ${String(port)}. Check the directory path and the log at ${join(PIDFILE_DIR, `fs-${String(port)}.log`)}.`
+    );
+  }
+  if (child.pid !== void 0) {
+    const next = readFsRegistry();
+    next[realDir] = { pid: child.pid, port };
+    writeJsonFile(FS_REGISTRY, next);
+  }
+  return { port, reused: false };
+}
+function releaseProxyIfUnused(proxyPort, stoppingAgent) {
+  const remaining = agentsReferencingProxy(proxyPort, liveAgents(), stoppingAgent);
+  if (remaining.length > 0) return;
+  const reg = readProxyRegistry();
+  if (reg !== null && reg.port === proxyPort && isProcessAlive(reg.pid)) {
+    killWithEscalation(reg.pid, true);
+  }
+  if (reg !== null && reg.port === proxyPort) {
+    try {
+      unlinkSync(PROXY_REGISTRY);
+    } catch {
+    }
+  }
+}
+function releaseFsServerIfUnused(folder, stoppingAgent) {
+  const remaining = agentsReferencingFolder(folder, liveAgents(), stoppingAgent);
+  if (remaining.length > 0) return;
+  const reg = readFsRegistry();
+  const entry = reg[folder];
+  if (entry === void 0) return;
+  if (isProcessAlive(entry.pid)) {
+    killWithEscalation(entry.pid, true);
+  }
+  const rest = Object.fromEntries(Object.entries(reg).filter(([k]) => k !== folder));
+  writeJsonFile(FS_REGISTRY, rest);
+}
+function proxyServerSlug(agentLabel) {
+  const t = agentLabel.trim().toLowerCase();
+  const slug = t.replace(/[^a-z0-9._-]/g, "-").replace(/^-+|-+$/g, "");
+  if (slug === "") return "shield-handoff-agent";
+  if (!/^[a-z0-9]/i.test(slug)) return `a-${slug}`;
+  return slug.slice(0, 180);
+}
+async function registerAgentAndConfig(apiKey, baseUrl, agentName, fsPort, localDir) {
+  const targetUrl = `http://127.0.0.1:${String(fsPort)}/mcp`;
+  const serverName = proxyServerSlug(agentName);
+  const response = await fetch(`${baseUrl}/api/v1/proxy/config`, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      "X-Multicorn-Key": apiKey
+    },
+    body: JSON.stringify({
+      server_name: serverName,
+      target_url: targetUrl,
+      platform: "other-mcp",
+      agent_name: agentName,
+      local_dir: localDir
+    }),
+    signal: AbortSignal.timeout(1e4)
+  });
+  if (!response.ok) {
+    let detail = `HTTP ${String(response.status)}`;
+    try {
+      const body = await response.json();
+      const errObj = body["error"];
+      if (typeof errObj?.["message"] === "string") detail = errObj["message"];
+      else if (typeof body["message"] === "string") detail = body["message"];
+    } catch {
+    }
+    throw new Error(`Failed to register agent: ${detail}`);
+  }
+  const envelope = await response.json();
+  const data = envelope["data"];
+  const proxyUrl = typeof data?.["proxy_url"] === "string" ? data["proxy_url"] : "";
+  if (proxyUrl.length === 0) {
+    throw new Error("Registration succeeded but no proxy URL was returned.");
+  }
+  let pathSegment = "";
+  try {
+    const parsed = new URL(proxyUrl);
+    pathSegment = parsed.pathname + parsed.search;
+  } catch {
+    pathSegment = proxyUrl;
+  }
+  await grantScope(apiKey, baseUrl, agentName, "filesystem", "read");
+  return { proxyUrl, pathSegment };
+}
+async function sendHeartbeat(apiKey, baseUrl, serverName, proxyVersion) {
+  try {
+    await fetch(`${baseUrl}/api/v1/proxy/heartbeat`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "X-Multicorn-Key": apiKey
+      },
+      // proxy_version lets the backend stamp the agent's last-seen version + timestamp
+      // from the heartbeat, so the dashboard can flag an out-of-date proxy that needs a
+      // restart even if the editor never connects through it.
+      body: JSON.stringify(
+        proxyVersion !== null ? { server_name: serverName, proxy_version: proxyVersion } : { server_name: serverName }
+      ),
+      signal: AbortSignal.timeout(8e3)
+    });
+  } catch {
+  }
+}
+async function grantScope(apiKey, baseUrl, agentName, service, level) {
+  const agentsResp = await fetch(`${baseUrl}/api/v1/agents`, {
+    headers: { "X-Multicorn-Key": apiKey },
+    signal: AbortSignal.timeout(8e3)
+  });
+  if (!agentsResp.ok) return;
+  const agentsBody = await agentsResp.json();
+  const agentsList = agentsBody["data"];
+  if (!Array.isArray(agentsList)) return;
+  const agent = agentsList.find((a) => a["name"] === agentName);
+  if (!agent || typeof agent["id"] !== "string") return;
+  const agentId = agent["id"];
+  await fetch(`${baseUrl}/api/v1/agents/${agentId}/scopes`, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      "X-Multicorn-Key": apiKey
+    },
+    body: JSON.stringify({ service, permission_level: level }),
+    signal: AbortSignal.timeout(8e3)
+  });
+}
+function killWithEscalation(pid, group = false) {
+  const signal = (sig) => {
+    if (group) {
+      try {
+        process.kill(-pid, sig);
+        return;
+      } catch {
+      }
+    }
+    process.kill(pid, sig);
+  };
+  try {
+    signal("SIGTERM");
+  } catch {
+    return;
+  }
+  const deadline = Date.now() + 3e3;
+  while (Date.now() < deadline) {
+    if (!isProcessAlive(pid)) return;
+    spawnSync("sleep", ["0.1"], { stdio: "ignore" });
+  }
+  try {
+    signal("SIGKILL");
+  } catch {
+  }
+}
+async function runStop(agent) {
+  const data = readPidfile(agent);
+  if (data === null) {
+    process.stderr.write(`No running session found for agent "${agent}".
+`);
+    process.exit(1);
+  }
+  await withResourceLock(() => {
+    if (typeof data.supervisorPid === "number" && isProcessAlive(data.supervisorPid)) {
+      killWithEscalation(data.supervisorPid);
+    }
+    removePidfile(agent);
+    releaseFsServerIfUnused(data.dir, agent);
+    releaseProxyIfUnused(data.proxyPort, agent);
+  });
+  process.stderr.write(`Stopped agent "${agent}".
+`);
+}
+async function runRestart(opts) {
+  if (opts.agent.length === 0) {
+    process.stderr.write("Error: --agent <name> is required for restart.\n");
+    process.exit(1);
+  }
+  const existing = readPidfile(opts.agent);
+  const dir = opts.dir.length > 0 ? opts.dir : existing?.dir ?? "";
+  if (dir.length === 0) {
+    process.stderr.write(
+      `Don't know which folder to restart agent "${opts.agent}" with.
+Run it once with the folder: npx multicorn-shield files restart <dir> --agent ${opts.agent}
+`
+    );
+    process.exit(1);
+  }
+  if (existing !== null) {
+    await runStop(opts.agent);
+  }
+  await runDetached({
+    ...opts,
+    dir,
+    proxyPort: opts.proxyPort ?? existing?.proxyPort});
+}
+async function runDetached(opts) {
+  const absDir = resolve(opts.dir);
+  if (!existsSync(absDir)) {
+    process.stderr.write(`Directory not found: ${opts.dir}. Check the path and try again.
+`);
+    process.exit(1);
+  }
+  const existing = readPidfile(opts.agent);
+  if (existing !== null) {
+    const alive = typeof existing.supervisorPid === "number" && isProcessAlive(existing.supervisorPid);
+    if (alive) {
+      process.stderr.write(
+        `Already running for agent "${opts.agent}" (fs :${String(existing.fsPort)}, proxy :${String(existing.proxyPort)}).
+Stop with: npx multicorn-shield files stop --agent ${opts.agent}
+`
+      );
+      return;
+    }
+    removePidfile(opts.agent);
+  }
+  const args = ["files", absDir, "--agent", opts.agent, "--foreground"];
+  if (opts.port !== void 0) args.push("--port", String(opts.port));
+  if (opts.proxyPort !== void 0) args.push("--proxy-port", String(opts.proxyPort));
+  if (opts.apiKey !== void 0) args.push("--api-key", opts.apiKey);
+  if (opts.baseUrl !== void 0) args.push("--base-url", opts.baseUrl);
+  if (opts.client !== void 0) args.push("--client", opts.client);
+  const scriptPath = process.argv[1] ?? resolve("dist/multicorn-shield.js");
+  const logFile = join(PIDFILE_DIR, `files-${opts.agent}.log`);
+  mkdirSync(PIDFILE_DIR, { recursive: true, mode: 448 });
+  const out = openSync(logFile, "a");
+  const err = openSync(logFile, "a");
+  const child = spawn(process.execPath, [scriptPath, ...args], {
+    detached: true,
+    stdio: ["ignore", out, err],
+    env: { ...process.env }
+  });
+  child.unref();
+  let pidData = null;
+  for (let i = 0; i < 60; i++) {
+    await sleep3(500);
+    pidData = readPidfile(opts.agent);
+    if (pidData !== null) break;
+    if (child.pid !== void 0 && !isProcessAlive(child.pid)) break;
+  }
+  if (pidData === null) {
+    process.stderr.write(`Failed to start in background. Check logs: ${logFile}
+`);
+    process.exit(1);
+  }
+  process.stderr.write("\n");
+  process.stderr.write(
+    `  ${style2.green("\u2713")} Setup complete. Shield is running in the background.
+`
+  );
+  process.stderr.write(`  ${style2.green("\u2713")} Folder: ${absDir}
+`);
+  process.stderr.write(
+    `  ${style2.green("\u2713")} FS server :${String(pidData.fsPort)}, Proxy :${String(pidData.proxyPort)}
+`
+  );
+  process.stderr.write("\n");
+  process.stderr.write(`  Stop it any time with:
+`);
+  process.stderr.write(
+    `    ${style2.cyan(`npx multicorn-shield files stop --agent ${opts.agent}`)}
+`
+  );
+  process.stderr.write("\n");
+  process.stderr.write(style2.dim(`  Status: npx multicorn-shield files status
+`));
+  process.stderr.write(style2.dim(`  Logs:   ${logFile}
+`));
+  process.stderr.write("\n");
+}
+async function runFilesCommand(opts) {
+  if (opts.status) {
+    runStatus();
+    return;
+  }
+  if (opts.restart) {
+    await runRestart(opts);
+    return;
+  }
+  if (opts.stop) {
+    await runStop(opts.agent);
+    return;
+  }
+  if (!opts.foreground) {
+    await runDetached(opts);
+    return;
+  }
+  const absDir = resolve(opts.dir);
+  if (!existsSync(absDir)) {
+    process.stderr.write(`Directory not found: ${opts.dir}. Check the path and try again.
+`);
+    process.exit(1);
+  }
+  if (opts.baseUrl && !isAllowedShieldApiBaseUrl(opts.baseUrl)) {
+    process.stderr.write(
+      "Error: --base-url must use HTTPS or http://localhost for local development.\n"
+    );
+    process.exit(1);
+  }
+  const config = await resolveConfig(opts);
+  const realDir = canonicalFolder(absDir);
+  const proxyPort = opts.proxyPort ?? DEFAULT_PROXY_PORT;
+  const existingPidfile = readPidfile(opts.agent);
+  if (existingPidfile !== null) {
+    const supervisorAlive = typeof existingPidfile.supervisorPid === "number" && isProcessAlive(existingPidfile.supervisorPid);
+    if (supervisorAlive) {
+      process.stderr.write(
+        `A session for agent "${opts.agent}" is already running. Run 'files stop --agent ${opts.agent}' first, or use a different --agent name.
+`
+      );
+      process.exit(1);
+    }
+    removePidfile(opts.agent);
+  }
+  let fsPort;
+  let proxyReused;
+  let fsReused;
+  try {
+    const ensured = await withResourceLock(async () => {
+      const proxyRes = await ensureProxy(proxyPort, config.baseUrl);
+      const fsRes = await ensureFsServer(realDir, opts.port);
+      writePidfile({
+        agent: opts.agent,
+        dir: realDir,
+        supervisorPid: process.pid,
+        fsPort: fsRes.port,
+        proxyPort
+      });
+      return { proxyRes, fsRes };
+    });
+    fsPort = ensured.fsRes.port;
+    proxyReused = ensured.proxyRes.reused;
+    fsReused = ensured.fsRes.reused;
+  } catch (error) {
+    const msg = error instanceof Error ? error.message : String(error);
+    process.stderr.write(`${msg}
+`);
+    process.exit(1);
+  }
+  let registration;
+  try {
+    registration = await registerAgentAndConfig(
+      config.apiKey,
+      config.baseUrl,
+      opts.agent,
+      fsPort,
+      realDir
+    );
+  } catch (error) {
+    await withResourceLock(() => {
+      removePidfile(opts.agent);
+      releaseFsServerIfUnused(realDir, opts.agent);
+      releaseProxyIfUnused(proxyPort, opts.agent);
+    });
+    const msg = error instanceof Error ? error.message : String(error);
+    process.stderr.write(`Registration failed: ${msg}
+`);
+    process.exit(1);
+  }
+  const heartbeatServerName = proxyServerSlug(opts.agent);
+  const heartbeatTick = async () => {
+    const proxyVersion = await readProxyVersion(proxyPort);
+    const proxyOk = proxyVersion !== null || await probeProxyHealth(proxyPort);
+    const fsOk = await isPortListening(fsPort);
+    if (proxyOk && fsOk) {
+      await sendHeartbeat(config.apiKey, config.baseUrl, heartbeatServerName, proxyVersion);
+    }
+  };
+  void heartbeatTick();
+  const heartbeatTimer = setInterval(() => {
+    void heartbeatTick();
+  }, HEARTBEAT_INTERVAL_MS);
+  let cleaningUp = false;
+  process.on("SIGINT", () => {
+    if (cleaningUp) return;
+    cleaningUp = true;
+    void (async () => {
+      clearInterval(heartbeatTimer);
+      await withResourceLock(() => {
+        removePidfile(opts.agent);
+        releaseFsServerIfUnused(realDir, opts.agent);
+        releaseProxyIfUnused(proxyPort, opts.agent);
+      });
+      process.exit(0);
+    })();
+  });
+  process.on("SIGTERM", () => {
+    clearInterval(heartbeatTimer);
+    removePidfile(opts.agent);
+    process.exit(0);
+  });
+  const dirLabel = `./${basename(absDir)}`;
+  const localProxyUrl = `http://127.0.0.1:${String(proxyPort)}${registration.pathSegment}`;
+  process.stderr.write("\n");
+  process.stderr.write(
+    `  ${style2.green("\u2713")} ${proxyReused ? "Reusing shared proxy" : "Local proxy running"} (:${String(proxyPort)})
+`
+  );
+  process.stderr.write(
+    `  ${style2.green("\u2713")} ${fsReused ? "Reusing filesystem server for" : "Filesystem server on"} ${dirLabel} (:${String(fsPort)})
+`
+  );
+  process.stderr.write(`  ${style2.green("\u2713")} Agent '${opts.agent}' registered with Shield
+`);
+  const writeResult = await autoWriteClientConfig(
+    opts.client,
+    opts.agent,
+    localProxyUrl,
+    config.apiKey,
+    absDir
+  );
+  const firstWritten = writeResult.written[0];
+  if (firstWritten !== void 0) {
+    for (const w of writeResult.written) {
+      process.stderr.write(`  ${style2.green("\u2713")} Config written to ${style2.cyan(w.path)}
+`);
+    }
+    process.stderr.write("\n");
+    process.stderr.write(style2.dim(`  ${firstWritten.reload}
+`));
+  } else if (!writeResult.prompted) {
+    process.stderr.write("\n");
+    process.stderr.write(
+      "  Add this to your coding agent's MCP config so it routes through Shield:\n\n"
+    );
+    const configBlock = JSON.stringify(
+      {
+        mcpServers: {
+          [opts.agent]: {
+            url: hostedProxyUrlWithKeyParam(localProxyUrl, config.apiKey),
+            headers: { Authorization: `Bearer ${config.apiKey}` }
+          }
+        }
+      },
+      null,
+      2
+    );
+    process.stderr.write(style2.cyan(configBlock) + "\n\n");
+  }
+  process.stderr.write(style2.dim("  Write and delete will ask for approval the first time.\n"));
+  process.stderr.write("\n");
+  process.stderr.write(
+    `  ${style2.green("\u2713")} Shield is running (foreground mode). Press Ctrl-C to stop.
+`
+  );
+  process.stderr.write("\n");
+}
+async function autoWriteClientConfig(clientFlag, agentName, localProxyUrl, apiKey, workspacePath) {
+  if (clientFlag !== void 0 && clientFlag.length > 0) {
+    if (clientFlag === "all") {
+      const detected2 = detectInstalledClients();
+      if (detected2.length === 0) return { written: [], prompted: false };
+      const results = [];
+      for (const c of detected2) {
+        const path2 = await writeLocalMcpEntry(c, agentName, localProxyUrl, apiKey, workspacePath);
+        if (path2 !== null) {
+          results.push({ client: c, path: path2, reload: clientReloadInstruction(c) });
+        }
+      }
+      return { written: results, prompted: false };
+    }
+    const client2 = clientFlag;
+    if (!CODING_CLIENTS.includes(client2)) {
+      process.stderr.write(
+        `
+  Unknown --client "${clientFlag}". Valid options: ${CODING_CLIENTS.join(", ")}, all
+`
+      );
+      return { written: [], prompted: false };
+    }
+    const path = await writeLocalMcpEntry(client2, agentName, localProxyUrl, apiKey, workspacePath);
+    if (path !== null) {
+      return {
+        written: [{ client: client2, path, reload: clientReloadInstruction(client2) }],
+        prompted: false
+      };
+    }
+    process.stderr.write(
+      `
+  Could not write to ${clientDisplayName(client2)} config (parse error or permissions).
+`
+    );
+    return { written: [], prompted: false };
+  }
+  const detected = detectInstalledClients();
+  if (detected.length === 0) {
+    return { written: [], prompted: false };
+  }
+  if (detected.length === 1) {
+    const client2 = detected[0];
+    if (client2 === void 0) {
+      return { written: [], prompted: false };
+    }
+    const path = await writeLocalMcpEntry(client2, agentName, localProxyUrl, apiKey, workspacePath);
+    if (path !== null) {
+      return {
+        written: [{ client: client2, path, reload: clientReloadInstruction(client2) }],
+        prompted: false
+      };
+    }
+    process.stderr.write(
+      `
+  Could not safely update ${clientDisplayName(client2)} config (parse error or permissions). Left it unchanged.
+`
+    );
+    return { written: [], prompted: false };
+  }
+  if (!process.stdin.isTTY) {
+    process.stderr.write("\n");
+    process.stderr.write("  Multiple coding agents detected:\n");
+    for (const c of detected) {
+      process.stderr.write(`    - ${clientDisplayName(c)} (--client ${c})
+`);
+    }
+    process.stderr.write(
+      "\n  Re-run with --client <name> to write config, or --client all for all.\n"
+    );
+    return { written: [], prompted: true };
+  }
+  process.stderr.write("\n");
+  process.stderr.write("  Multiple coding agents detected. Which should route through Shield?\n\n");
+  for (const [i, c] of detected.entries()) {
+    process.stderr.write(`    ${String(i + 1)}) ${clientDisplayName(c)}
+`);
+  }
+  process.stderr.write(`    a) All of them
+`);
+  process.stderr.write("\n");
+  const choice = await promptLine("  Enter number (or 'a' for all): ");
+  const trimmed = choice.trim().toLowerCase();
+  if (trimmed === "a" || trimmed === "all") {
+    const results = [];
+    for (const c of detected) {
+      const path = await writeLocalMcpEntry(c, agentName, localProxyUrl, apiKey, workspacePath);
+      if (path !== null) {
+        results.push({ client: c, path, reload: clientReloadInstruction(c) });
+      }
+    }
+    return { written: results, prompted: false };
+  }
+  const num = Number.parseInt(trimmed, 10);
+  const client = num >= 1 && num <= detected.length ? detected[num - 1] : void 0;
+  if (client !== void 0) {
+    const path = await writeLocalMcpEntry(client, agentName, localProxyUrl, apiKey, workspacePath);
+    if (path !== null) {
+      return {
+        written: [{ client, path, reload: clientReloadInstruction(client) }],
+        prompted: false
+      };
+    }
+  }
+  process.stderr.write(`  Invalid choice. Use --client <name> next time.
+`);
+  return { written: [], prompted: true };
+}
+function promptLine(question) {
+  return new Promise((resolve3) => {
+    const rl = createInterface({ input: process.stdin, output: process.stderr });
+    rl.question(question, (answer) => {
+      rl.close();
+      resolve3(answer);
+    });
+  });
+}
+var DEFAULT_FS_PORT, DEFAULT_PROXY_PORT, PIDFILE_DIR, PROXY_REGISTRY, FS_REGISTRY, LOCK_PATH, LOCK_WAIT_MS, LOCK_STALE_MS, FS_PORT_SCAN_RANGE, style2, HEARTBEAT_INTERVAL_MS;
+var init_files = __esm({
+  "src/commands/files.ts"() {
+    init_config();
+    DEFAULT_FS_PORT = 3005;
+    DEFAULT_PROXY_PORT = 3001;
+    PIDFILE_DIR = process.env["MULTICORN_HOME"] ?? join(homedir(), ".multicorn");
+    PROXY_REGISTRY = join(PIDFILE_DIR, "proxy.json");
+    FS_REGISTRY = join(PIDFILE_DIR, "fs-servers.json");
+    LOCK_PATH = join(PIDFILE_DIR, ".resources.lock");
+    LOCK_WAIT_MS = 6e4;
+    LOCK_STALE_MS = 12e4;
+    FS_PORT_SCAN_RANGE = 200;
+    style2 = {
+      green: (s) => `\x1B[38;2;34;197;94m${s}\x1B[0m`,
+      cyan: (s) => `\x1B[38;2;6;182;212m${s}\x1B[0m`,
+      dim: (s) => `\x1B[2m${s}\x1B[0m`,
+      bold: (s) => `\x1B[1m${s}\x1B[0m`
+    };
+    HEARTBEAT_INTERVAL_MS = 3e4;
+  }
+});
+// bin/multicorn-shield.ts
+var multicorn_shield_exports = {};
+__export(multicorn_shield_exports, {
+  parseArgs: () => parseArgs,
+  resolveWrapConfig: () => resolveWrapConfig,
+  runCli: () => runCli
+});
+function parseArgs(argv) {
+  const args = argv.slice(2);
+  let subcommand = "help";
+  let wrapCommand = "";
+  let wrapArgs = [];
+  let logLevel = "info";
+  let baseUrl = void 0;
+  let dashboardUrl = "";
+  let agentName = "";
+  let deleteAgentName = "";
+  let apiKey = void 0;
+  let verbose = false;
+  let filesDir = "";
+  let filesPort = void 0;
+  let filesProxyPort = void 0;
+  let filesStop = false;
+  let filesClient = void 0;
+  let filesForeground = false;
+  let filesStatus = false;
+  let filesRestart = false;
+  for (let i = 0; i < args.length; i++) {
+    const arg = args[i];
+    if (arg === "init") {
+      subcommand = "init";
+    } else if (arg === "files") {
+      subcommand = "files";
+      const tail = args.slice(i + 1);
+      for (let j = 0; j < tail.length; j++) {
+        const token = tail[j];
+        if (token === void 0) continue;
+        if (token === "--agent") {
+          const value = tail[j + 1];
+          if (value !== void 0) {
+            agentName = value;
+            j++;
+          }
+        } else if (token === "--port") {
+          const value = tail[j + 1];
+          if (value !== void 0) {
+            filesPort = Number.parseInt(value, 10);
+            j++;
+          }
+        } else if (token === "--proxy-port") {
+          const value = tail[j + 1];
+          if (value !== void 0) {
+            filesProxyPort = Number.parseInt(value, 10);
+            j++;
+          }
+        } else if (token === "--api-key") {
+          const value = tail[j + 1];
+          if (value !== void 0) {
+            apiKey = value;
+            j++;
+          }
+        } else if (token === "--base-url") {
+          const value = tail[j + 1];
+          if (value !== void 0) {
+            baseUrl = value;
+            j++;
+          }
+        } else if (token === "--client") {
+          const value = tail[j + 1];
+          if (value !== void 0) {
+            filesClient = value;
+            j++;
+          }
+        } else if (token === "--stop") {
+          filesStop = true;
+        } else if (token === "--foreground") {
+          filesForeground = true;
+        } else if (token === "--detach") ; else if (token === "stop") {
+          filesStop = true;
+        } else if (token === "status") {
+          filesStatus = true;
+        } else if (token === "restart") {
+          filesRestart = true;
+        } else if (!token.startsWith("-") && filesDir === "") {
+          filesDir = token;
+        }
+      }
+      break;
+    } else if (arg === "agents") {
+      subcommand = "agents";
+    } else if (arg === "delete-agent") {
+      subcommand = "delete-agent";
+      const name = args[i + 1];
+      if (name === void 0 || name.startsWith("-")) {
+        process.stderr.write("Error: delete-agent requires an agent name.\n");
+        process.stderr.write("Example: npx multicorn-shield delete-agent my-agent\n");
+        process.exit(1);
+      }
+      deleteAgentName = name;
+      i++;
+    } else if (arg === "--wrap") {
+      subcommand = "wrap";
+      const tail = args.slice(i + 1);
+      const remaining = [];
+      for (let j = 0; j < tail.length; j++) {
+        const token = tail[j];
+        if (token === void 0) continue;
+        if (remaining.length > 0) {
+          remaining.push(token);
+          continue;
+        }
+        if (token === "--agent-name") {
+          const value = tail[j + 1];
+          if (value !== void 0) {
+            agentName = value;
+            j++;
+          }
+        } else if (token === "--log-level") {
+          const value = tail[j + 1];
+          if (value !== void 0 && isValidLogLevel(value)) {
+            logLevel = value;
+            j++;
+          }
+        } else if (token === "--base-url") {
+          const value = tail[j + 1];
+          if (value !== void 0) {
+            baseUrl = value;
+            j++;
+          }
+        } else if (token === "--dashboard-url") {
+          const value = tail[j + 1];
+          if (value !== void 0) {
+            dashboardUrl = value;
+            j++;
+          }
+        } else if (token === "--api-key") {
+          const value = tail[j + 1];
+          if (value !== void 0) {
+            apiKey = value;
+            j++;
+          }
+        } else {
+          remaining.push(token);
+        }
+      }
+      if (remaining.length === 0) {
+        process.stderr.write("Error: --wrap requires a command to run.\n");
+        process.stderr.write("Example: npx multicorn-shield --wrap my-mcp-server\n");
+        process.exit(1);
+      }
+      wrapCommand = remaining[0] ?? "";
+      wrapArgs = remaining.slice(1);
+      break;
+    } else if (arg === "--log-level") {
+      const next = args[i + 1];
+      if (next !== void 0 && isValidLogLevel(next)) {
+        logLevel = next;
+        i++;
+      }
+    } else if (arg === "--base-url") {
+      const next = args[i + 1];
+      if (next !== void 0) {
+        baseUrl = next;
+        i++;
+      }
+    } else if (arg === "--dashboard-url") {
+      const next = args[i + 1];
+      if (next !== void 0) {
+        dashboardUrl = next;
+        i++;
+      }
+    } else if (arg === "--agent-name") {
+      const next = args[i + 1];
+      if (next !== void 0) {
+        agentName = next;
+        i++;
+      }
+    } else if (arg === "--api-key") {
+      const next = args[i + 1];
+      if (next !== void 0) {
+        apiKey = next;
+        i++;
+      }
+    } else if (arg === "--verbose" || arg === "--debug") {
+      verbose = true;
+    }
+  }
+  return {
+    subcommand,
+    wrapCommand,
+    wrapArgs,
+    logLevel,
+    baseUrl,
+    dashboardUrl,
+    agentName,
+    deleteAgentName,
+    apiKey,
+    verbose,
+    filesDir,
+    filesPort,
+    filesProxyPort,
+    filesStop,
+    filesClient,
+    filesForeground,
+    filesStatus,
+    filesRestart
+  };
+}
+function printHelp() {
+  process.stderr.write(
+    [
+      "multicorn-shield: MCP permission proxy and Shield setup",
       "",
       "Usage:",
       "  npx multicorn-shield init",
       "      Interactive setup. Saves API key to ~/.multicorn/config.json.",
       "",
+      "  npx multicorn-shield files <dir> --agent <name> [--client <client>]",
+      "      Share a local folder with a coding agent. Starts a filesystem MCP server",
+      "      scoped to <dir>, registers the agent, writes your coding agent's MCP config,",
+      "      then exits. The service runs in the background until stopped.",
+      "",
+      "      --client <name>  Target client: cursor, cline, windsurf, claude, copilot,",
+      "                       goose, gemini, codex, continue, kilo, opencode",
+      "                       Auto-detected if omitted. Use --client all to write to every",
+      "                       detected client.",
+      "      --foreground     Keep the terminal open (for debugging). Default is background.",
+      "      --stop           Tear down the servers started by a previous `files` invocation.",
+      "",
+      "  npx multicorn-shield files stop --agent <name>",
+      "      Stop background processes for the named agent.",
+      "",
+      "  npx multicorn-shield files restart --agent <name>",
+      "      Stop then start the named agent, reusing the folder from its last run.",
+      "      Rewrites the coding agent's MCP config entry, so this repairs a stale",
+      "      entry that a plain stop/start would leave in place.",
+      "",
+      "  npx multicorn-shield files status",
+      "      Show all running file-sharing sessions.",
+      "",
       "  npx multicorn-shield restore",
       "      Restore MCP servers in claude_desktop_config.json from the Shield extension backup.",
       "",
@@ -5087,6 +6479,11 @@ function printHelp() {
       "",
       "Examples:",
       "  npx multicorn-shield init",
+      "  npx multicorn-shield files ./my-repo --agent my-agent",
+      "  npx multicorn-shield files ./my-repo --agent my-agent --foreground",
+      "  npx multicorn-shield files status",
+      "  npx multicorn-shield files stop --agent my-agent",
+      "  npx multicorn-shield files restart --agent my-agent",
       "  npx multicorn-shield --wrap npx @modelcontextprotocol/server-filesystem /tmp",
       "  npx multicorn-shield --wrap my-mcp-server --log-level debug",
       ""
@@ -5117,6 +6514,48 @@ async function runCli() {
     await runInit(cli.baseUrl, { verbose: cli.verbose });
     return;
   }
+  if (cli.subcommand === "files") {
+    if (cli.filesStatus) {
+      await runFilesCommand({
+        dir: "",
+        agent: "",
+        port: void 0,
+        proxyPort: void 0,
+        apiKey: void 0,
+        baseUrl: void 0,
+        stop: false,
+        client: void 0,
+        foreground: true,
+        status: true,
+        restart: false
+      });
+      return;
+    }
+    if (!cli.filesStop && cli.agentName.length === 0) {
+      process.stderr.write("Error: --agent <name> is required for the files command.\n");
+      process.stderr.write("Example: npx multicorn-shield files ./my-repo --agent my-agent\n");
+      process.exit(1);
+    }
+    if (!cli.filesStop && !cli.filesRestart && cli.filesDir.length === 0) {
+      process.stderr.write("Error: a directory path is required.\n");
+      process.stderr.write("Example: npx multicorn-shield files ./my-repo --agent my-agent\n");
+      process.exit(1);
+    }
+    await runFilesCommand({
+      dir: cli.filesDir,
+      agent: cli.agentName,
+      port: cli.filesPort,
+      proxyPort: cli.filesProxyPort,
+      apiKey: cli.apiKey,
+      baseUrl: cli.baseUrl,
+      stop: cli.filesStop,
+      client: cli.filesClient,
+      foreground: cli.filesForeground,
+      status: false,
+      restart: cli.filesRestart
+    });
+    return;
+  }
   if (cli.subcommand === "agents") {
     const config2 = await loadConfig();
     if (config2 === null) {
@@ -5254,6 +6693,7 @@ var init_multicorn_shield = __esm({
     init_consent();
     init_restore();
     init_package_meta();
+    init_files();
     isDirectRun = process.argv[1] !== void 0 && (import.meta.url.endsWith(process.argv[1]) || import.meta.url === `file://${process.argv[1]}` || import.meta.url.endsWith("/multicorn-shield.js") || import.meta.url.endsWith("/multicorn-shield.ts"));
     if (isDirectRun && process.env["VITEST"] === void 0) {
       runCli().catch((error) => {