To be honest, I wrote this action for Shield months ago.
It would be better if you just implement it with a class for login.
Shield uses codeigniter4/settings to set the parameters, by doing this you practically take away the possibility of setting these two parameters from the users.
Also, I disagree with your opinion that if someone installs Halberd, they must use it, if this is true, then if the user installs the Shield, he must have made the settings related to root protection, but you You have applied in Registrar.php.
In any case, thank you for helping the codeigniter community by sharing it.