@drakon-systems/shieldcortex-realtime 4.12.14 → 4.14.0

package/dist/cloud-sync.js

@@ -0,0 +1,19 @@
+// plugins/openclaw/cloud-sync.ts
+//
+// Network egress for SC threat events. See CHANGELOG.md v4.12.8 / v4.12.9.
+export function cloudSync(threat, cfg) {
+    if (!cfg.cloudApiKey)
+        return;
+    const url = `${cfg.cloudBaseUrl || 'https://api.shieldcortex.ai'}/v1/threats`;
+    fetch(url, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/json',
+            Authorization: `Bearer ${cfg.cloudApiKey}`,
+        },
+        body: JSON.stringify(threat),
+        signal: AbortSignal.timeout(5000),
+    }).catch(() => {
+        // Fire-and-forget — never block on cloud sync failure
+    });
+}

package/dist/index.js

@@ -0,0 +1,703 @@
+/**
+ * ShieldCortex Real-time Scanning Plugin for OpenClaw v2026.3.22+
+ *
+ * Uses explicit capability registration (registerHook + registerCommand)
+ * for llm_input/llm_output scanning and optional memory extraction.
+ * All scanning operations are fire-and-forget.
+ */
+import { createHash } from "node:crypto";
+import fs from "node:fs/promises";
+import { existsSync, readFileSync, realpathSync } from "node:fs";
+import path from "node:path";
+import { homedir } from "node:os";
+import { fileURLToPath, pathToFileURL } from "node:url";
+import { createInterceptor, DEFAULT_CONFIG as DEFAULT_INTERCEPTOR_CONFIG } from './interceptor.js';
+import { syncInterceptEvent } from './intercept-ingest.js';
+import { cloudSync } from './cloud-sync.js';
+let runtimePromise = null;
+function addRuntimeCandidate(candidates, packageRoot) {
+    const runtimePath = path.join(packageRoot, "hooks", "openclaw", "cortex-memory", "runtime.mjs");
+    if (existsSync(runtimePath)) {
+        candidates.add(pathToFileURL(runtimePath).href);
+    }
+}
+function addAncestorCandidates(candidates, startPath) {
+    let current = path.resolve(startPath);
+    let previous = "";
+    for (let i = 0; i < 6 && current !== previous; i++) {
+        addRuntimeCandidate(candidates, current);
+        previous = current;
+        current = path.dirname(current);
+    }
+}
+function collectRuntimeCandidates() {
+    const candidates = new Set();
+    // 1. Relative path (works when running from within npm package tree)
+    candidates.add(new URL("../../hooks/openclaw/cortex-memory/runtime.mjs", import.meta.url).href);
+    // 2. Config file override (reads path from ~/.shieldcortex/config.json instead of env var)
+    try {
+        const cfgPath = path.join(homedir(), ".shieldcortex", "config.json");
+        if (existsSync(cfgPath)) {
+            const cfg = JSON.parse(readFileSync(cfgPath, "utf-8"));
+            if (cfg.installRoot)
+                addRuntimeCandidate(candidates, cfg.installRoot);
+        }
+    }
+    catch { /* no config */ }
+    // 3. Walk up from current file location
+    addAncestorCandidates(candidates, path.dirname(fileURLToPath(import.meta.url)));
+    // 4. Resolve via common bin symlink paths (no child_process needed)
+    for (const binDir of ["/usr/local/bin", "/opt/homebrew/bin", path.join(homedir(), ".npm-global", "bin")]) {
+        const binPath = path.join(binDir, "shieldcortex");
+        try {
+            if (existsSync(binPath))
+                addAncestorCandidates(candidates, realpathSync(binPath));
+        }
+        catch { /* broken symlink */ }
+    }
+    // 5. Common global install paths (covers npm root -g results without spawning npm)
+    for (const root of [
+        "/usr/lib/node_modules/shieldcortex",
+        "/usr/local/lib/node_modules/shieldcortex",
+        "/opt/homebrew/lib/node_modules/shieldcortex",
+        path.join(homedir(), ".npm-global", "lib", "node_modules", "shieldcortex"),
+        path.join(homedir(), ".nvm", "versions", "node"), // nvm users
+    ]) {
+        if (root.includes(".nvm")) {
+            // For nvm, check the current symlink
+            try {
+                const currentNode = path.join(homedir(), ".nvm", "current", "lib", "node_modules", "shieldcortex");
+                addRuntimeCandidate(candidates, currentNode);
+            }
+            catch { /* no nvm */ }
+        }
+        else {
+            addRuntimeCandidate(candidates, root);
+        }
+    }
+    return [...candidates];
+}
+async function getRuntime() {
+    if (!runtimePromise) {
+        runtimePromise = (async () => {
+            const tried = [];
+            let lastError = null;
+            for (const candidate of collectRuntimeCandidates()) {
+                tried.push(candidate);
+                try {
+                    const mod = await import(candidate);
+                    if (typeof mod.createOpenClawRuntime === "function") {
+                        return mod.createOpenClawRuntime({ logPrefix: "[shieldcortex]" });
+                    }
+                }
+                catch (error) {
+                    lastError = error;
+                }
+            }
+            const detail = lastError instanceof Error ? lastError.message : String(lastError ?? "unknown error");
+            throw new Error(`Could not load OpenClaw runtime. Tried: ${tried.join(", ")}. Last error: ${detail}`);
+        })();
+    }
+    return runtimePromise;
+}
+const PLUGIN_ID = "shieldcortex-realtime";
+const PLUGIN_PACKAGE_NAME = "@drakon-systems/shieldcortex-realtime";
+const PLUGIN_CONFIG_UI_HINTS = {
+    binaryPath: {
+        label: "ShieldCortex Binary Path",
+        help: "Optional absolute path to the shieldcortex CLI when it is not on PATH.",
+        placeholder: "/usr/local/bin/shieldcortex",
+        advanced: true,
+    },
+    cloudApiKey: {
+        label: "Cloud API Key",
+        help: "Optional ShieldCortex Cloud API key used for realtime threat forwarding.",
+        sensitive: true,
+        placeholder: "sc_...",
+    },
+    cloudBaseUrl: {
+        label: "Cloud Base URL",
+        help: "Override the ShieldCortex Cloud API base URL if you use a self-hosted or staging endpoint.",
+        placeholder: "https://api.shieldcortex.ai",
+        advanced: true,
+    },
+    openclawAutoMemory: {
+        label: "Auto Memory Extraction",
+        help: "Extract high-signal decisions and learnings from LLM output into ShieldCortex memory.",
+    },
+    openclawAutoMemoryDedupe: {
+        label: "Dedupe Auto Memory",
+        help: "Skip near-duplicate memories before they are written to ShieldCortex.",
+        advanced: true,
+    },
+    openclawAutoMemoryNoveltyThreshold: {
+        label: "Novelty Threshold",
+        help: "Similarity threshold for duplicate suppression. Higher values keep more memories.",
+        advanced: true,
+    },
+    openclawAutoMemoryMaxRecent: {
+        label: "Recent Memory Cache Size",
+        help: "How many recent extracted memories to keep in the dedupe cache.",
+        advanced: true,
+    },
+};
+const PLUGIN_CONFIG_JSON_SCHEMA = {
+    type: "object",
+    additionalProperties: false,
+    properties: {
+        enabled: { type: "boolean" },
+        binaryPath: { type: "string" },
+        cloudApiKey: { type: "string" },
+        cloudBaseUrl: { type: "string" },
+        openclawAutoMemory: { type: "boolean" },
+        openclawAutoMemoryDedupe: { type: "boolean" },
+        openclawAutoMemoryNoveltyThreshold: { type: "number", minimum: 0.6, maximum: 0.99 },
+        openclawAutoMemoryMaxRecent: { type: "integer", minimum: 50, maximum: 1000 },
+    },
+};
+let _config = null;
+// Identity of the shield config we last merged from. The runtime's
+// loadShieldConfig() returns the same parsed object until the file's mtime
+// advances; using reference equality lets us re-merge precisely when the
+// underlying config has actually changed (dashboard / CLI write).
+let _lastShieldConfigRef = null;
+let _configOverride = null;
+let _version = "0.0.0";
+try {
+    // Try package.json first, then openclaw.plugin.json (the manifest IS copied to extensions/)
+    for (const candidateUrl of [
+        new URL("./package.json", import.meta.url),
+        new URL("../../package.json", import.meta.url),
+        new URL("./openclaw.plugin.json", import.meta.url),
+    ]) {
+        try {
+            const data = JSON.parse(readFileSync(candidateUrl, "utf-8"));
+            if (typeof data.version === "string" && data.version.trim()) {
+                _version = data.version;
+                break;
+            }
+        }
+        catch {
+            // try the next candidate
+        }
+    }
+}
+catch { /* fallback */ }
+let _registered = false;
+function normaliseConfig(raw) {
+    if (!raw || typeof raw !== "object" || Array.isArray(raw))
+        return {};
+    const value = raw;
+    const config = {};
+    if (typeof value.cloudApiKey === "string" && value.cloudApiKey.trim()) {
+        config.cloudApiKey = value.cloudApiKey.trim();
+    }
+    if (typeof value.cloudBaseUrl === "string" && value.cloudBaseUrl.trim()) {
+        config.cloudBaseUrl = value.cloudBaseUrl.trim();
+    }
+    if (typeof value.binaryPath === "string" && value.binaryPath.trim()) {
+        config.binaryPath = value.binaryPath.trim();
+    }
+    if (typeof value.openclawAutoMemory === "boolean") {
+        config.openclawAutoMemory = value.openclawAutoMemory;
+    }
+    if (typeof value.openclawAutoMemoryDedupe === "boolean") {
+        config.openclawAutoMemoryDedupe = value.openclawAutoMemoryDedupe;
+    }
+    if (typeof value.openclawAutoMemoryNoveltyThreshold === "number" && !Number.isNaN(value.openclawAutoMemoryNoveltyThreshold)) {
+        config.openclawAutoMemoryNoveltyThreshold = clamp(value.openclawAutoMemoryNoveltyThreshold, 0.6, 0.99);
+    }
+    if (typeof value.openclawAutoMemoryMaxRecent === "number" && !Number.isNaN(value.openclawAutoMemoryMaxRecent)) {
+        config.openclawAutoMemoryMaxRecent = Math.floor(clamp(value.openclawAutoMemoryMaxRecent, 50, 1000));
+    }
+    return config;
+}
+function extractPluginConfig(rootConfig) {
+    if (!rootConfig || typeof rootConfig !== "object" || Array.isArray(rootConfig))
+        return {};
+    const entries = rootConfig.plugins?.entries;
+    const pluginConfig = entries?.[PLUGIN_ID]?.config ??
+        entries?.[PLUGIN_PACKAGE_NAME]?.config;
+    return normaliseConfig(pluginConfig);
+}
+function applyPluginConfigOverride(api) {
+    const runtimeConfigApi = api.runtime?.config;
+    const runtimeConfig = typeof runtimeConfigApi?.current === "function"
+        ? runtimeConfigApi.current()
+        : typeof runtimeConfigApi?.loadConfig === "function"
+            ? runtimeConfigApi.loadConfig()
+            : api.config;
+    const pluginConfig = extractPluginConfig(runtimeConfig);
+    if (Object.keys(pluginConfig).length === 0)
+        return;
+    _configOverride = {
+        ...(_configOverride ?? {}),
+        ...pluginConfig,
+    };
+    // Override changed — invalidate so loadConfig() re-merges with new override.
+    _config = null;
+    _lastShieldConfigRef = null;
+}
+async function loadConfig() {
+    const shieldConfigRaw = await (await getRuntime()).loadShieldConfig();
+    if (_config && shieldConfigRaw === _lastShieldConfigRef)
+        return _config;
+    _lastShieldConfigRef = shieldConfigRaw;
+    _config = {
+        ...normaliseConfig(shieldConfigRaw),
+        ...(_configOverride ?? {}),
+    };
+    return _config;
+}
+function isAutoMemoryEnabled(config) {
+    return config.openclawAutoMemory === true;
+}
+function isAutoMemoryDedupeEnabled(config) {
+    return config.openclawAutoMemoryDedupe !== false;
+}
+async function callCortex(tool, args = {}) {
+    return (await getRuntime()).callCortex(tool, args);
+}
+// ==================== REMOTE SCANNING ====================
+async function scanRealtimeContent(text) {
+    const response = await callCortex("scan_tool_response", {
+        toolName: "openclaw-realtime",
+        content: text,
+        mode: "advisory",
+    });
+    if (!response) {
+        return { clean: true, summary: "scan unavailable" };
+    }
+    const cleanMatch = response.match(/\*\*Clean:\*\*\s*(Yes|No)/i);
+    const riskMatch = response.match(/\*\*Risk Level:\*\*\s*([A-Za-z]+)/i);
+    const detectionsMatch = response.match(/\*\*Detections:\*\*\s*(\d+)/i);
+    const clean = cleanMatch ? /yes/i.test(cleanMatch[1]) : true;
+    const risk = riskMatch?.[1] ?? "unknown";
+    const detections = detectionsMatch?.[1];
+    const summary = detections ? `${risk} (${detections} detections)` : risk;
+    return { clean, summary };
+}
+// ==================== CONTENT PATTERNS ====================
+const PATTERNS = {
+    architecture: [/\b(?:architecture|designed|structured)\b.*?(?:uses?|is|with)\b/i, /\b(?:decided?\s+to|going\s+with|chose)\b/i],
+    error: [/\b(?:fixed|resolved|solved)\s+(?:by|with|using)\b/i, /\b(?:solution|fix|root\s*cause)\s+(?:was|is)\b/i],
+    learning: [/\b(?:learned|discovered|turns?\s+out|figured\s+out|realized)\b/i],
+    preference: [
+        /\b(?:I|we|you\s+should)\s+(?:always|never)\b/i,
+        /\b(?:always\s+use|never\s+use|never\s+commit)\b/i,
+        /\bprefer(?:\s+to)?\s+\w+/i,
+        /\bshould\s+always\b/i,
+    ],
+    note: [/\b(?:important|remember|key\s+point)\s*:/i],
+};
+function extractMemories(texts) {
+    const out = [];
+    const seen = new Set();
+    for (const text of texts) {
+        if (text.length < 30)
+            continue;
+        for (const [cat, pats] of Object.entries(PATTERNS)) {
+            if (pats.some(p => p.test(text))) {
+                const title = text.slice(0, 80).replace(/["\n]/g, " ").trim();
+                if (!seen.has(title)) {
+                    seen.add(title);
+                    out.push({ title, content: text.slice(0, 500), category: cat });
+                }
+                break;
+            }
+            if (out.length >= 3)
+                break;
+        }
+        if (out.length >= 3)
+            break;
+    }
+    return out;
+}
+// ==================== HELPERS ====================
+function extractUserContent(msgs) {
+    const out = [];
+    for (const msg of msgs) {
+        if (!msg || typeof msg !== "object")
+            continue;
+        const m = msg;
+        if (m.role !== "user")
+            continue;
+        if (typeof m.content === "string")
+            out.push(m.content);
+        else if (Array.isArray(m.content))
+            for (const b of m.content)
+                if (b?.type === "text")
+                    out.push(b.text);
+    }
+    return out;
+}
+const AUDIT_DIR = path.join(homedir(), ".shieldcortex", "audit");
+const NOVELTY_CACHE_FILE = path.join(homedir(), ".shieldcortex", "openclaw-memory-cache.json");
+const DEFAULT_NOVELTY_THRESHOLD = 0.88;
+const DEFAULT_MAX_RECENT = 300;
+const MIN_NOVELTY_CHARS = 40;
+async function auditLog(entry) {
+    try {
+        await fs.mkdir(AUDIT_DIR, { recursive: true });
+        await fs.appendFile(path.join(AUDIT_DIR, `realtime-${new Date().toISOString().slice(0, 10)}.jsonl`), JSON.stringify(entry) + "\n");
+    }
+    catch { }
+}
+function normalizeMemoryText(text) {
+    return String(text || "")
+        .toLowerCase()
+        .replace(/[`"'\\]/g, " ")
+        .replace(/https?:\/\/\S+/g, " ")
+        .replace(/[^a-z0-9\s]/g, " ")
+        .replace(/\s+/g, " ")
+        .trim();
+}
+function hashToken(token) {
+    return createHash("sha1").update(token).digest("hex").slice(0, 12);
+}
+function buildTokenHashes(normalized) {
+    const words = normalized.split(" ").filter((w) => w.length >= 3);
+    const set = new Set();
+    for (let i = 0; i < words.length; i++) {
+        set.add(hashToken(words[i]));
+        if (i < words.length - 1)
+            set.add(hashToken(`${words[i]}_${words[i + 1]}`));
+    }
+    return Array.from(set).slice(0, 200);
+}
+function jaccardSimilarity(a, b) {
+    if (a.size === 0 || b.size === 0)
+        return 0;
+    let intersection = 0;
+    for (const item of a) {
+        if (b.has(item))
+            intersection++;
+    }
+    const union = a.size + b.size - intersection;
+    return union === 0 ? 0 : intersection / union;
+}
+function clamp(value, min, max) {
+    return Math.max(min, Math.min(max, value));
+}
+async function loadNoveltyCache(maxRecent) {
+    try {
+        const raw = JSON.parse(await fs.readFile(NOVELTY_CACHE_FILE, "utf-8"));
+        if (!Array.isArray(raw))
+            return [];
+        return raw
+            .filter((entry) => entry && typeof entry.hash === "string" && Array.isArray(entry.tokenHashes))
+            .slice(0, maxRecent);
+    }
+    catch {
+        return [];
+    }
+}
+async function saveNoveltyCache(entries) {
+    await fs.mkdir(path.dirname(NOVELTY_CACHE_FILE), { recursive: true });
+    await fs.writeFile(NOVELTY_CACHE_FILE, JSON.stringify(entries, null, 2) + "\n", "utf-8");
+}
+function inspectNovelty(content, entries, threshold) {
+    const normalized = normalizeMemoryText(content);
+    if (normalized.length < MIN_NOVELTY_CHARS) {
+        return { allow: true, contentHash: null, tokenHashes: [] };
+    }
+    const contentHash = createHash("sha256").update(normalized).digest("hex").slice(0, 24);
+    if (entries.some((entry) => entry.hash === contentHash)) {
+        return { allow: false, contentHash, tokenHashes: [], reason: "exact duplicate" };
+    }
+    const tokenHashes = buildTokenHashes(normalized);
+    const currentSet = new Set(tokenHashes);
+    for (const entry of entries) {
+        const score = jaccardSimilarity(currentSet, new Set(entry.tokenHashes || []));
+        if (score >= threshold) {
+            return {
+                allow: false,
+                contentHash,
+                tokenHashes,
+                reason: `near duplicate (similarity ${score.toFixed(2)})`,
+            };
+        }
+    }
+    return { allow: true, contentHash, tokenHashes };
+}
+async function createNoveltyGate(config) {
+    const thresholdRaw = Number(config.openclawAutoMemoryNoveltyThreshold);
+    const maxRecentRaw = Number(config.openclawAutoMemoryMaxRecent);
+    const threshold = Number.isFinite(thresholdRaw)
+        ? clamp(thresholdRaw, 0.6, 0.99)
+        : DEFAULT_NOVELTY_THRESHOLD;
+    const maxRecent = Number.isFinite(maxRecentRaw)
+        ? Math.floor(clamp(maxRecentRaw, 50, 1000))
+        : DEFAULT_MAX_RECENT;
+    const enabled = isAutoMemoryDedupeEnabled(config);
+    const entries = enabled ? await loadNoveltyCache(maxRecent) : [];
+    let dirty = false;
+    return {
+        inspect(content) {
+            if (!enabled)
+                return { allow: true, contentHash: null, tokenHashes: [] };
+            return inspectNovelty(content, entries, threshold);
+        },
+        remember(memory, novelty) {
+            if (!enabled || !novelty.contentHash || novelty.tokenHashes.length === 0)
+                return;
+            entries.unshift({
+                hash: novelty.contentHash,
+                tokenHashes: novelty.tokenHashes,
+                title: String(memory.title || "").slice(0, 120),
+                category: String(memory.category || "note"),
+                createdAt: new Date().toISOString(),
+            });
+            if (entries.length > maxRecent)
+                entries.length = maxRecent;
+            dirty = true;
+        },
+        async flush() {
+            if (!enabled || !dirty)
+                return;
+            await saveNoveltyCache(entries);
+        },
+    };
+}
+// ==================== HOOK HANDLERS ====================
+// Skip scanning internal OpenClaw content (boot checks, system prompts, heartbeats)
+const SKIP_PATTERNS = [
+    /^You are running a boot check/i,
+    /^Read HEARTBEAT\.md/i,
+    /^System:/,
+    /^\[System Message\]/,
+    /^HEARTBEAT_OK$/,
+    /^\[(?:Mon|Tue|Wed|Thu|Fri|Sat|Sun)\s/, // Timestamped system events
+    /^A subagent task/i,
+    /subagent.*completed/i,
+];
+function isInternalContent(text) {
+    return SKIP_PATTERNS.some(p => p.test(text.trim()));
+}
+function handleLlmInput(event, ctx) {
+    // Fire and forget
+    (async () => {
+        try {
+            // Only scan user content, skip system/boot/heartbeat prompts
+            const userTexts = extractUserContent(event.historyMessages).slice(-5);
+            const texts = [event.prompt, ...userTexts].filter(t => t && !isInternalContent(t));
+            for (const text of texts) {
+                if (!text || text.length < 10)
+                    continue;
+                const result = await scanRealtimeContent(text);
+                if (!result.clean) {
+                    console.warn(`[shieldcortex] ⚠️ Threat in LLM input: ${result.summary}`);
+                    const entry = {
+                        type: "threat", hook: "llm_input", sessionId: event.sessionId,
+                        model: event.model, reason: result.summary,
+                        preview: text.slice(0, 100), ts: new Date().toISOString(),
+                    };
+                    auditLog(entry);
+                    loadConfig()
+                        .then(cfg => cloudSync({ ...entry, content: text.slice(0, 200) }, cfg))
+                        .catch(() => { });
+                }
+            }
+        }
+        catch (e) {
+            console.error("[shieldcortex] llm_input error:", e instanceof Error ? e.message : String(e));
+        }
+    })();
+}
+// Skip text blocks that are ShieldCortex/OpenClaw tool-result pass-throughs
+function isToolResultContent(text) {
+    // ShieldCortex recall returns "Found N memories:" header
+    if (/^Found \d+ memor(?:y|ies):/m.test(text))
+        return true;
+    // ShieldCortex get_context returns structured context blocks
+    if (/^## (?:Architecture|Patterns|Preferences|Errors|Context)/m.test(text))
+        return true;
+    // OpenClaw tool-result wrapper markers
+    if (/^\[tool_result\b/i.test(text.trim()))
+        return true;
+    if (/^<tool_result\b/i.test(text.trim()))
+        return true;
+    return false;
+}
+function handleLlmOutput(event, ctx) {
+    // Fire and forget
+    (async () => {
+        try {
+            const config = await loadConfig();
+            if (!isAutoMemoryEnabled(config))
+                return;
+            const texts = event.assistantTexts
+                .filter(t => t && t.length >= 30)
+                .filter(t => !isToolResultContent(t));
+            if (!texts.length)
+                return;
+            const memories = extractMemories(texts);
+            if (!memories.length)
+                return;
+            const noveltyGate = await createNoveltyGate(config);
+            let saved = 0;
+            let skipped = 0;
+            for (const mem of memories) {
+                const novelty = noveltyGate.inspect(mem.content);
+                if (!novelty.allow) {
+                    skipped++;
+                    continue;
+                }
+                const r = await callCortex("remember", {
+                    title: mem.title, content: mem.content, category: mem.category,
+                    project: ctx.agentId || "openclaw", scope: "global",
+                    importance: "normal", tags: "auto-extracted,realtime-plugin,llm-output",
+                    sourceType: "agent", sourceIdentifier: `openclaw-plugin:${event.sessionId}`,
+                    sessionId: event.sessionId, agentId: ctx.agentId || "openclaw", workspaceDir: ctx.workspaceDir || "",
+                });
+                if (r) {
+                    saved++;
+                    noveltyGate.remember(mem, novelty);
+                }
+            }
+            await noveltyGate.flush();
+            if (saved) {
+                console.log(`[shieldcortex] Extracted ${saved} memor${saved === 1 ? "y" : "ies"} from LLM output (${skipped} duplicates skipped)`);
+                auditLog({ type: "memory", hook: "llm_output", sessionId: event.sessionId, count: saved, skipped, ts: new Date().toISOString() });
+            }
+        }
+        catch (e) {
+            console.error("[shieldcortex] llm_output error:", e instanceof Error ? e.message : String(e));
+        }
+    })();
+}
+// ==================== PLUGIN EXPORT ====================
+export default {
+    id: PLUGIN_ID,
+    name: "ShieldCortex Real-time Scanner",
+    description: "Real-time defence scanning on LLM inputs with optional memory extraction from outputs",
+    version: _version,
+    configSchema: {
+        parse(value) {
+            return normaliseConfig(value);
+        },
+        uiHints: PLUGIN_CONFIG_UI_HINTS,
+        jsonSchema: PLUGIN_CONFIG_JSON_SCHEMA,
+    },
+    register(api) {
+        if (_registered)
+            return;
+        _registered = true;
+        try {
+            applyPluginConfigOverride(api);
+            // --- Interceptor (lazy init) ---
+            let interceptorReady = null;
+            let interceptorInitAttempted = false;
+            async function initInterceptor() {
+                if (interceptorInitAttempted)
+                    return interceptorReady;
+                interceptorInitAttempted = true;
+                try {
+                    const scConfig = await loadConfig();
+                    const rawInterceptorConfig = scConfig.interceptor;
+                    const interceptorConfig = {
+                        ...DEFAULT_INTERCEPTOR_CONFIG,
+                        ...(rawInterceptorConfig && typeof rawInterceptorConfig === 'object' ? {
+                            enabled: rawInterceptorConfig.enabled ?? DEFAULT_INTERCEPTOR_CONFIG.enabled,
+                            severityActions: { ...DEFAULT_INTERCEPTOR_CONFIG.severityActions, ...rawInterceptorConfig.severityActions },
+                            failurePolicy: { ...DEFAULT_INTERCEPTOR_CONFIG.failurePolicy, ...rawInterceptorConfig.failurePolicy },
+                        } : {}),
+                        logger: { info: api.logger?.info ?? console.log, warn: api.logger?.warn ?? console.warn },
+                    };
+                    if (!interceptorConfig.enabled)
+                        return null;
+                    // Dynamic import with string variable to prevent TypeScript from resolving
+                    // at compile time — 'shieldcortex/defence' only exists at runtime when the
+                    // package is installed globally, not during CI builds of the plugin itself.
+                    let defenceMod;
+                    try {
+                        const defenceModPath = 'shieldcortex' + '/defence';
+                        defenceMod = await import(/* webpackIgnore: true */ defenceModPath);
+                    }
+                    catch (importErr) {
+                        // Stack overflow or missing module — interceptor can't load
+                        api.logger?.warn?.(`[shieldcortex] Cannot load defence module: ${importErr instanceof Error ? importErr.message : importErr}`);
+                        return null;
+                    }
+                    if (typeof defenceMod.runDefencePipeline !== 'function')
+                        return null;
+                    interceptorReady = createInterceptor(interceptorConfig, defenceMod.runDefencePipeline, {
+                        onAuditEntry: (entry) => syncInterceptEvent(entry, {
+                            cloudApiKey: scConfig.cloudApiKey ?? '',
+                            cloudBaseUrl: scConfig.cloudBaseUrl ?? 'https://api.shieldcortex.ai',
+                            cloudEnabled: scConfig.cloudEnabled ?? false,
+                        }),
+                    });
+                    api.logger?.info?.('[shieldcortex] Interceptor active — watching: remember, mcp__memory__remember');
+                    return interceptorReady;
+                }
+                catch (err) {
+                    api.logger?.warn?.(`[shieldcortex] Interceptor init failed: ${err instanceof Error ? err.message : err}`);
+                    return null;
+                }
+            }
+            // Register before_tool_call with lazy-init wrapper
+            api.registerHook('before_tool_call', async (context) => {
+                const interceptor = await initInterceptor();
+                if (!interceptor)
+                    return;
+                try {
+                    await interceptor.handleToolCall(context);
+                }
+                catch (err) {
+                    // Intentional blocks from the interceptor (ShieldCortex: ...) should propagate
+                    if (err instanceof Error && err.message.startsWith('ShieldCortex:'))
+                        throw err;
+                    // Unexpected errors (DB crash, etc.) — log and allow the tool call through
+                    api.logger?.warn?.(`[shieldcortex] Interceptor error (allowing tool call): ${err instanceof Error ? err.message : err}`);
+                }
+            }, {
+                name: 'shieldcortex-intercept-tool',
+                description: 'Active threat gating on tool calls',
+            });
+            // Try to register session_end for cache cleanup
+            try {
+                api.registerHook('session_end', () => { interceptorReady?.resetSession(); }, {
+                    name: 'shieldcortex-session-cleanup',
+                    description: 'Clear interceptor deny cache on session end',
+                });
+            }
+            catch {
+                // session_end may not be a supported hook — TTL safety net handles this
+            }
+            // Explicit capability registration (replaces legacy api.on)
+            api.registerHook("llm_input", handleLlmInput, {
+                name: "shieldcortex-scan-input",
+                description: "Real-time threat scanning on LLM input",
+            });
+            api.registerHook("llm_output", handleLlmOutput, {
+                name: "shieldcortex-scan-output",
+                description: "Memory extraction from LLM output",
+            });
+            // Register a lightweight status command so the plugin is not hook-only
+            api.registerCommand({
+                name: "shieldcortex-status",
+                description: "Show ShieldCortex real-time scanner status",
+                async handler() {
+                    const cfg = await loadConfig();
+                    const autoMemory = isAutoMemoryEnabled(cfg) ? "on" : "off";
+                    const dedupe = isAutoMemoryDedupeEnabled(cfg) ? "on" : "off";
+                    const cloud = cfg.cloudApiKey ? "configured" : "not configured";
+                    return {
+                        text: `ShieldCortex v${_version}\n` +
+                            `  Hooks: llm_input (scan), llm_output (memory)\n` +
+                            `  Auto memory: ${autoMemory} | Dedupe: ${dedupe}\n` +
+                            `  Cloud sync: ${cloud}`,
+                    };
+                },
+            });
+            api.logger.info(`[shieldcortex] v${_version} registered (llm_input + llm_output + before_tool_call + /shieldcortex-status)`);
+        }
+        catch (err) {
+            // Plugin must never block channel startup — warn and bail gracefully
+            const msg = err instanceof Error ? err.message : String(err);
+            console.warn(`[shieldcortex] WARNING: Plugin failed to initialize: ${msg}`);
+            console.warn('[shieldcortex] Real-time scanning is disabled. Channels will start normally.');
+        }
+    },
+};

package/dist/intercept-ingest.js

@@ -0,0 +1,18 @@
+export function syncInterceptEvent(event, config) {
+    if (!config.cloudEnabled || !config.cloudApiKey)
+        return;
+    const url = `${config.cloudBaseUrl}/v1/audit/ingest`;
+    fetch(url, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/json',
+            Authorization: `Bearer ${config.cloudApiKey}`,
+        },
+        body: JSON.stringify({
+            events: [{ ...event, source: 'openclaw-interceptor' }],
+        }),
+        signal: AbortSignal.timeout(5_000),
+    }).catch(() => {
+        // Fire-and-forget — never block on cloud sync failure
+    });
+}

package/dist/interceptor.js

@@ -0,0 +1,346 @@
+import { createHash } from 'node:crypto';
+import { mkdirSync, appendFileSync } from 'node:fs';
+import { join } from 'node:path';
+import { homedir } from 'node:os';
+const WATCHED_TOOLS = ['remember', 'mcp__memory__remember'];
+const CONTENT_FIELDS = {
+    remember: ['content', 'title'],
+    mcp__memory__remember: ['content', 'title'],
+};
+// Defaults relaxed in v4.11.0: critical/high no longer block the tool call with
+// a synchronous approval prompt. The defence pipeline still runs and
+// `failurePolicy` still denies on critical/high, so the block is preserved —
+// what changes is the user-facing approval gate. Opt back in with
+// `severityActions: { high: 'require_approval', critical: 'require_approval' }`.
+const DEFAULT_CONFIG = {
+    enabled: true,
+    severityActions: {
+        low: 'log',
+        medium: 'log',
+        high: 'warn',
+        critical: 'log',
+    },
+    failurePolicy: {
+        low: 'allow',
+        medium: 'allow',
+        high: 'deny',
+        critical: 'deny',
+    },
+};
+export { WATCHED_TOOLS, CONTENT_FIELDS, DEFAULT_CONFIG };
+export function extractContent(toolName, args) {
+    const fields = CONTENT_FIELDS[toolName];
+    if (!fields)
+        return { title: '', content: '' };
+    const title = typeof args.title === 'string' ? args.title : '';
+    const content = typeof args.content === 'string' ? args.content : '';
+    return { title, content };
+}
+export function mapSeverity(firewall) {
+    if (firewall.result === 'BLOCK')
+        return 'critical';
+    if (firewall.result === 'QUARANTINE')
+        return 'high';
+    if (firewall.result === 'ALLOW' && firewall.anomalyScore >= 0.3)
+        return 'medium';
+    return 'low';
+}
+// --- Deny Cache ---
+// Exact replica of normalizeMemoryText() from index.ts (lines 426-434).
+// Must produce identical output for SHA-256 hash consistency.
+function normaliseContent(text) {
+    return String(text || '')
+        .toLowerCase()
+        .replace(/[`"'\\]/g, ' ')
+        .replace(/https?:\/\/\S+/g, ' ')
+        .replace(/[^a-z0-9\s]/g, ' ')
+        .replace(/\s+/g, ' ')
+        .trim();
+}
+function hashContent(text) {
+    return createHash('sha256').update(normaliseContent(text)).digest('hex');
+}
+const TWO_HOURS_MS = 2 * 60 * 60 * 1000;
+export class DenyCache {
+    cache = new Map();
+    maxPerTool;
+    ttlMs;
+    constructor(maxPerTool = 200, ttlMs = TWO_HOURS_MS) {
+        this.maxPerTool = maxPerTool;
+        this.ttlMs = ttlMs;
+    }
+    isDenied(tool, content) {
+        const entries = this.cache.get(tool);
+        if (!entries)
+            return false;
+        const hash = hashContent(content);
+        const now = Date.now();
+        return entries.some(e => e.hash === hash && (now - e.ts) < this.ttlMs);
+    }
+    addDenial(tool, content) {
+        const hash = hashContent(content);
+        const now = Date.now();
+        if (!this.cache.has(tool)) {
+            this.cache.set(tool, []);
+        }
+        const entries = this.cache.get(tool);
+        const live = entries.filter(e => (now - e.ts) < this.ttlMs);
+        if (live.some(e => e.hash === hash))
+            return;
+        live.push({ hash, ts: now });
+        while (live.length > this.maxPerTool) {
+            live.shift();
+        }
+        this.cache.set(tool, live);
+    }
+    reset() {
+        this.cache.clear();
+    }
+}
+// --- Rate Limiter ---
+export class RateLimiter {
+    timestamps = [];
+    maxPerWindow;
+    windowMs;
+    constructor(maxPerWindow = 5, windowMs = 60_000) {
+        this.maxPerWindow = maxPerWindow;
+        this.windowMs = windowMs;
+    }
+    shouldAllow() {
+        const now = Date.now();
+        this.timestamps = this.timestamps.filter(t => now - t < this.windowMs);
+        if (this.timestamps.length >= this.maxPerWindow)
+            return false;
+        this.timestamps.push(now);
+        return true;
+    }
+}
+export function formatApprovalPrompt(input) {
+    const preview = input.content.length > 200
+        ? input.content.slice(0, 200) + '...'
+        : input.content;
+    const threatList = input.threats.length > 0
+        ? input.threats.join(', ')
+        : 'none identified';
+    return [
+        '🛡️ ShieldCortex — Tool Call Intercepted',
+        '',
+        `Tool:       ${input.tool}`,
+        `Risk:       ${input.severity} (${input.firewallResult})`,
+        `Threats:    ${threatList}`,
+        `Content:    "${preview}"`,
+        '',
+        '[Approve]  [Deny]',
+    ].join('\n');
+}
+// --- Audit Logging (local JSONL) ---
+const AUDIT_DIR = join(homedir(), '.shieldcortex', 'audit');
+function writeAuditEntry(entry) {
+    try {
+        mkdirSync(AUDIT_DIR, { recursive: true });
+        const date = new Date().toISOString().slice(0, 10);
+        const file = join(AUDIT_DIR, `realtime-${date}.jsonl`);
+        appendFileSync(file, JSON.stringify(entry) + '\n');
+    }
+    catch {
+        // Best-effort — never block on audit failure
+    }
+}
+// --- X-Ray Inline Guard ---
+// Lightweight inline version of xrayMemoryContent for the plugin build boundary.
+// Detects AI directive injection patterns in memory content.
+const XRAY_AI_DIRECTIVE_PATTERNS = [
+    /ignore\s+(all\s+)?(previous|prior|above)\s+(instructions?|prompts?|context)/i,
+    /disregard\s+(all\s+)?(previous|prior|above)\s+(instructions?|rules?)/i,
+    /override\s+(previous|prior|all)\s+(instructions?|rules?|constraints?)/i,
+    /you\s+are\s+now\s+(?:in\s+)?(?:developer|god|admin|root|unrestricted)\s+mode/i,
+    /enter\s+(?:developer|god|admin|DAN|jailbreak)\s+mode/i,
+    /(?:system|hidden|secret)\s*(?:prompt|instruction|directive)\s*:/i,
+    /\[SYSTEM\]\s*:/i,
+    /\[INST\]/i,
+    /<\|(?:system|user|assistant|im_start|im_end)\|>/i,
+    /(?:decode|execute|follow)\s+(?:the\s+)?hidden\s+(?:instructions?|payload|message)/i,
+    /(?:hidden|embedded|encoded)\s+(?:instructions?|directive|command)\s+(?:in|within|inside)/i,
+];
+const XRAY_FILENAME_PATTERNS = [
+    /ignore_previous/i, /decode_hidden/i, /execute_instructions/i,
+    /override_previous/i, /developer_mode/i, /system_prompt/i,
+    /jailbreak/i, /\[SYSTEM\]/i, /\[INST\]/i,
+];
+function xrayMemoryGuard(content, title) {
+    const findings = [];
+    const text = content.length > 50000 ? content.slice(0, 50000) : content;
+    for (const pattern of XRAY_AI_DIRECTIVE_PATTERNS) {
+        if (pattern.test(text)) {
+            findings.push({ category: 'ai-directive', title: 'AI directive injection detected', severity: 'critical' });
+            break;
+        }
+    }
+    if (title) {
+        for (const pattern of XRAY_FILENAME_PATTERNS) {
+            if (pattern.test(title)) {
+                findings.push({ category: 'ai-directive', title: 'AI directive in title', severity: 'critical' });
+                break;
+            }
+        }
+    }
+    // Score: 100 - 60 per critical finding (single critical = blocked)
+    const score = Math.max(0, 100 - findings.length * 60);
+    const riskLevel = score >= 80 ? 'SAFE' : score >= 60 ? 'LOW' : score >= 40 ? 'MEDIUM' : score >= 20 ? 'HIGH' : 'CRITICAL';
+    return { allowed: score >= 60, findings, riskLevel };
+}
+export function createInterceptor(config, pipeline, options) {
+    const denyCache = new DenyCache();
+    const rateLimiter = new RateLimiter(options?.maxPromptsPerMinute ?? 5);
+    const log = config.logger ?? { info: console.log, warn: console.warn };
+    const onAuditEntry = options?.onAuditEntry;
+    function emitAudit(entry) {
+        writeAuditEntry(entry);
+        onAuditEntry?.(entry);
+    }
+    async function handleToolCall(context) {
+        if (!WATCHED_TOOLS.includes(context.toolName))
+            return;
+        const { title, content } = extractContent(context.toolName, context.arguments);
+        const fullContent = [title, content].filter(Boolean).join(' ');
+        if (!fullContent.trim())
+            return;
+        // X-Ray content scan — fast, synchronous, no I/O
+        const xrayResult = xrayMemoryGuard(content, title || undefined);
+        if (!xrayResult.allowed) {
+            const xrayEntry = {
+                type: 'intercept', tool: context.toolName, severity: 'critical',
+                firewallResult: 'BLOCK', threats: xrayResult.findings.map(f => f.category),
+                anomalyScore: 1, action: 'auto_deny', outcome: 'auto_denied',
+                preview: fullContent.slice(0, 200), ts: new Date().toISOString(),
+            };
+            emitAudit(xrayEntry);
+            throw new Error(`ShieldCortex: tool call blocked by X-Ray memory guard (risk: ${xrayResult.riskLevel}, findings: ${xrayResult.findings.length})`);
+        }
+        let severity;
+        let firewallResult;
+        let threats;
+        let anomalyScore;
+        try {
+            const result = pipeline(content, title, { type: 'agent', identifier: 'openclaw' });
+            severity = mapSeverity(result.firewall);
+            firewallResult = result.firewall.result;
+            threats = result.firewall.threatIndicators;
+            anomalyScore = result.firewall.anomalyScore;
+        }
+        catch (err) {
+            log.warn(`[shieldcortex] ⚠️ Defence pipeline error: ${err instanceof Error ? err.message : err}`);
+            const failAction = config.failurePolicy.high;
+            const entry = {
+                type: 'intercept', tool: context.toolName, severity: 'high',
+                firewallResult: 'ERROR', threats: ['pipeline_error'], anomalyScore: 0,
+                action: 'require_approval', outcome: failAction === 'deny' ? 'failure_denied' : 'failure_allowed',
+                preview: fullContent.slice(0, 200), ts: new Date().toISOString(),
+            };
+            emitAudit(entry);
+            if (failAction === 'deny') {
+                throw new Error('ShieldCortex: tool call blocked — pipeline error, failure policy: deny');
+            }
+            return;
+        }
+        if (denyCache.isDenied(context.toolName, fullContent)) {
+            const entry = {
+                type: 'intercept', tool: context.toolName, severity, firewallResult,
+                threats, anomalyScore, action: 'auto_deny', outcome: 'auto_denied',
+                preview: fullContent.slice(0, 200), ts: new Date().toISOString(),
+            };
+            emitAudit(entry);
+            throw new Error('ShieldCortex: tool call auto-denied (previously denied content)');
+        }
+        const action = config.severityActions[severity];
+        if (action === 'log') {
+            const entry = {
+                type: 'intercept', tool: context.toolName, severity, firewallResult,
+                threats, anomalyScore, action: 'log', outcome: 'logged',
+                preview: fullContent.slice(0, 200), ts: new Date().toISOString(),
+            };
+            emitAudit(entry);
+            return;
+        }
+        if (action === 'warn') {
+            log.warn(`[shieldcortex] ⚠️ ${severity} risk in ${context.toolName}: ${threats.join(', ') || 'anomaly detected'}`);
+            const entry = {
+                type: 'intercept', tool: context.toolName, severity, firewallResult,
+                threats, anomalyScore, action: 'warn', outcome: 'warned',
+                preview: fullContent.slice(0, 200), ts: new Date().toISOString(),
+            };
+            emitAudit(entry);
+            return;
+        }
+        // action === 'require_approval'
+        if (typeof context.requireApproval !== 'function') {
+            // requireApproval unavailable (pre-v2026.3.28) — apply failurePolicy, not blanket allow
+            const failAction = config.failurePolicy[severity];
+            log.warn(`[shieldcortex] ⚠️ requireApproval not available for ${severity} risk in ${context.toolName} — failure policy: ${failAction}`);
+            const entry = {
+                type: 'intercept', tool: context.toolName, severity, firewallResult,
+                threats, anomalyScore, action: 'require_approval',
+                outcome: failAction === 'deny' ? 'failure_denied' : 'failure_allowed',
+                preview: fullContent.slice(0, 200), ts: new Date().toISOString(),
+            };
+            emitAudit(entry);
+            if (failAction === 'deny') {
+                throw new Error(`ShieldCortex: tool call blocked — requireApproval unavailable, failure policy: deny`);
+            }
+            return;
+        }
+        if (!rateLimiter.shouldAllow()) {
+            log.warn('[shieldcortex] ⚠️ Too many approval prompts — auto-denying');
+            const entry = {
+                type: 'intercept', tool: context.toolName, severity, firewallResult,
+                threats, anomalyScore, action: 'rate_limit', outcome: 'auto_denied',
+                preview: fullContent.slice(0, 200), ts: new Date().toISOString(),
+            };
+            emitAudit(entry);
+            denyCache.addDenial(context.toolName, fullContent);
+            throw new Error('ShieldCortex: tool call auto-denied (rate limit exceeded)');
+        }
+        const message = formatApprovalPrompt({ tool: context.toolName, severity, firewallResult, threats, content: fullContent });
+        let approved;
+        try {
+            approved = await context.requireApproval(message);
+        }
+        catch (err) {
+            const failAction = config.failurePolicy[severity];
+            log.warn(`[shieldcortex] ⚠️ requireApproval error: ${err instanceof Error ? err.message : err} — failure policy: ${failAction}`);
+            const entry = {
+                type: 'intercept', tool: context.toolName, severity, firewallResult,
+                threats, anomalyScore, action: 'require_approval',
+                outcome: failAction === 'deny' ? 'failure_denied' : 'failure_allowed',
+                preview: fullContent.slice(0, 200), ts: new Date().toISOString(),
+            };
+            emitAudit(entry);
+            if (failAction === 'deny') {
+                throw new Error(`ShieldCortex: tool call blocked — requireApproval error, failure policy: deny`);
+            }
+            return;
+        }
+        if (approved) {
+            const entry = {
+                type: 'intercept', tool: context.toolName, severity, firewallResult,
+                threats, anomalyScore, action: 'require_approval', outcome: 'approved',
+                preview: fullContent.slice(0, 200), ts: new Date().toISOString(),
+            };
+            emitAudit(entry);
+            return;
+        }
+        // Denied
+        denyCache.addDenial(context.toolName, fullContent);
+        const entry = {
+            type: 'intercept', tool: context.toolName, severity, firewallResult,
+            threats, anomalyScore, action: 'require_approval', outcome: 'denied',
+            preview: fullContent.slice(0, 200), ts: new Date().toISOString(),
+        };
+        emitAudit(entry);
+        throw new Error('ShieldCortex: tool call denied by user');
+    }
+    function resetSession() {
+        denyCache.reset();
+    }
+    return { handleToolCall, resetSession };
+}

package/dist/openclaw.plugin.json

@@ -0,0 +1,135 @@
+{
+  "id": "shieldcortex-realtime",
+  "version": "4.14.0",
+  "name": "ShieldCortex Real-time Scanner",
+  "description": "Real-time defence scanning on LLM input, memory extraction on LLM output, and active tool call interception with approval gating.",
+  "kind": null,
+  "engines": {
+    "openclaw": ">=2026.3.22",
+    "recommended": ">=2026.4.23"
+  },
+  "enabledByDefault": false,
+  "activation": {
+    "onStartup": false,
+    "hooks": ["llm_input", "llm_output", "before_tool_call", "session_end"],
+    "commands": ["shieldcortex-status"]
+  },
+  "contracts": {},
+  "commandAliases": {
+    "shieldcortex-status": "shieldcortex-status"
+  },
+  "uiHints": {
+    "binaryPath": {
+      "label": "ShieldCortex Binary Path",
+      "help": "Optional absolute path to the shieldcortex CLI when it is not on PATH.",
+      "placeholder": "/usr/local/bin/shieldcortex",
+      "advanced": true
+    },
+    "cloudApiKey": {
+      "label": "Cloud API Key",
+      "help": "Optional ShieldCortex Cloud API key used for realtime threat forwarding.",
+      "placeholder": "sc_...",
+      "sensitive": true
+    },
+    "cloudBaseUrl": {
+      "label": "Cloud Base URL",
+      "help": "Override the ShieldCortex Cloud API base URL if you use a self-hosted or staging endpoint.",
+      "placeholder": "https://api.shieldcortex.ai",
+      "advanced": true
+    },
+    "openclawAutoMemory": {
+      "label": "Auto Memory Extraction",
+      "help": "Extract high-signal decisions and learnings from LLM output into ShieldCortex memory."
+    },
+    "openclawAutoMemoryDedupe": {
+      "label": "Dedupe Auto Memory",
+      "help": "Skip near-duplicate memories before they are written to ShieldCortex.",
+      "advanced": true
+    },
+    "openclawAutoMemoryNoveltyThreshold": {
+      "label": "Novelty Threshold",
+      "help": "Similarity threshold for duplicate suppression. Higher values keep more memories.",
+      "advanced": true
+    },
+    "openclawAutoMemoryMaxRecent": {
+      "label": "Recent Memory Cache Size",
+      "help": "How many recent extracted memories to keep in the dedupe cache.",
+      "advanced": true
+    },
+    "interceptor.enabled": {
+      "label": "Enable Tool Call Interceptor",
+      "description": "Scan memory-write tool calls and gate suspicious content behind user approval",
+      "type": "boolean"
+    },
+    "interceptor.severityActions.high": {
+      "label": "High Severity Action",
+      "description": "Action for high-severity threats (log, warn, require_approval)",
+      "type": "string"
+    },
+    "interceptor.severityActions.critical": {
+      "label": "Critical Severity Action",
+      "description": "Action for critical-severity threats (log, warn, require_approval)",
+      "type": "string"
+    }
+  },
+  "configSchema": {
+    "type": "object",
+    "additionalProperties": false,
+    "properties": {
+      "enabled": {
+        "type": "boolean"
+      },
+      "binaryPath": {
+        "type": "string"
+      },
+      "cloudApiKey": {
+        "type": "string"
+      },
+      "cloudBaseUrl": {
+        "type": "string"
+      },
+      "openclawAutoMemory": {
+        "type": "boolean"
+      },
+      "openclawAutoMemoryDedupe": {
+        "type": "boolean"
+      },
+      "openclawAutoMemoryNoveltyThreshold": {
+        "type": "number",
+        "minimum": 0.6,
+        "maximum": 0.99
+      },
+      "openclawAutoMemoryMaxRecent": {
+        "type": "integer",
+        "minimum": 50,
+        "maximum": 1000
+      },
+      "interceptor": {
+        "type": "object",
+        "properties": {
+          "enabled": { "type": "boolean", "default": true },
+          "severityActions": {
+            "type": "object",
+            "additionalProperties": false,
+            "properties": {
+              "low": { "type": "string", "enum": ["log", "warn", "require_approval"], "default": "log" },
+              "medium": { "type": "string", "enum": ["log", "warn", "require_approval"], "default": "log" },
+              "high": { "type": "string", "enum": ["log", "warn", "require_approval"], "default": "warn" },
+              "critical": { "type": "string", "enum": ["log", "warn", "require_approval"], "default": "log" }
+            }
+          },
+          "failurePolicy": {
+            "type": "object",
+            "additionalProperties": false,
+            "properties": {
+              "low": { "type": "string", "enum": ["allow", "deny"], "default": "allow" },
+              "medium": { "type": "string", "enum": ["allow", "deny"], "default": "allow" },
+              "high": { "type": "string", "enum": ["allow", "deny"], "default": "deny" },
+              "critical": { "type": "string", "enum": ["allow", "deny"], "default": "deny" }
+            }
+          }
+        }
+      }
+    }
+  }
+}

package/index.ts

@@ -210,6 +210,11 @@ const PLUGIN_CONFIG_JSON_SCHEMA = {
 };
 
 let _config: SCConfig | null = null;
+// Identity of the shield config we last merged from. The runtime's
+// loadShieldConfig() returns the same parsed object until the file's mtime
+// advances; using reference equality lets us re-merge precisely when the
+// underlying config has actually changed (dashboard / CLI write).
+let _lastShieldConfigRef: unknown = null;
 let _configOverride: SCConfig | null = null;
 let _version = "0.0.0";
 try {
@@ -292,16 +297,17 @@ function applyPluginConfigOverride(api: PluginApi): void {
     ...(_configOverride ?? {}),
     ...pluginConfig,
   };
-  if (_config) {
-    _config = { ..._config, ...pluginConfig };
-  }
+  // Override changed — invalidate so loadConfig() re-merges with new override.
+  _config = null;
+  _lastShieldConfigRef = null;
 }
 
 async function loadConfig(): Promise<SCConfig> {
-  if (_config) return _config;
-  const shieldConfig = normaliseConfig(await (await getRuntime()).loadShieldConfig());
+  const shieldConfigRaw = await (await getRuntime()).loadShieldConfig();
+  if (_config && shieldConfigRaw === _lastShieldConfigRef) return _config;
+  _lastShieldConfigRef = shieldConfigRaw;
   _config = {
-    ...shieldConfig,
+    ...normaliseConfig(shieldConfigRaw),
     ...(_configOverride ?? {}),
   };
   return _config;

package/openclaw.plugin.json

@@ -1,6 +1,6 @@
 {
   "id": "shieldcortex-realtime",
-  "version": "4.12.14",
+  "version": "4.14.0",
   "name": "ShieldCortex Real-time Scanner",
   "description": "Real-time defence scanning on LLM input, memory extraction on LLM output, and active tool call interception with approval gating.",
   "kind": null,

package/package.json

@@ -1,9 +1,9 @@
 {
   "name": "@drakon-systems/shieldcortex-realtime",
-  "version": "4.12.14",
+  "version": "4.14.0",
   "description": "OpenClaw plugin for ShieldCortex real-time defence scanning and optional memory extraction.",
   "type": "module",
-  "main": "index.ts",
+  "main": "./dist/index.js",
   "license": "MIT",
   "keywords": [
     "openclaw",
@@ -14,6 +14,7 @@
     "memory"
   ],
   "files": [
+    "dist/",
     "index.ts",
     "interceptor.ts",
     "intercept-ingest.ts",
@@ -25,7 +26,7 @@
     "pack:verify": "npm pack --dry-run"
   },
   "peerDependencies": {
-    "shieldcortex": "^4.12.14",
+    "shieldcortex": "^4.14.0",
     "openclaw": ">=2026.3.22"
   },
   "peerDependenciesMeta": {
@@ -40,7 +41,13 @@
   },
   "openclaw": {
     "extensions": [
-      "./index.ts"
+      "./dist/index.js"
+    ],
+    "hooks": [
+      "llm_input",
+      "llm_output",
+      "before_tool_call",
+      "session_end"
     ]
   },
   "repository": {