@drakon-systems/shieldcortex-realtime 4.32.1 → 4.32.3

package/cloud-sync.ts

@@ -1,6 +1,11 @@
 // plugins/openclaw/cloud-sync.ts
 //
-// Network egress for SC threat events. See CHANGELOG.md v4.12.8 / v4.12.9.
+// Network egress for SC realtime input-scan threat events. See CHANGELOG.md
+// v4.12.8 / v4.12.9. Posts canonical audit entries to /v1/audit/ingest — the
+// only ingest route the SaaS exposes (the old /v1/threats route never existed
+// server-side, so these events were silently 404'd and dropped).
+
+import { toAuditEntry } from './audit-entry.js';
 
 type CloudSyncConfig = {
   cloudEnabled?: boolean;
@@ -15,20 +20,29 @@ export function cloudSync(threat: Record<string, unknown>, cfg: CloudSyncConfig)
   // cloud sync was "off" (ClawScan finding: external scanning without a local-only
   // default).
   if (!cfg.cloudEnabled || !cfg.cloudApiKey) return;
-  // Privacy: never transmit raw LLM input. Strip any input content/preview snippet —
-  // forward threat METADATA only (ClawScan finding: previews may contain credentials
-  // or confidential data). The local audit log keeps fuller detail for triage.
-  const metadata: Record<string, unknown> = { ...threat };
-  delete metadata.content;
-  delete metadata.preview;
-  const url = `${cfg.cloudBaseUrl || 'https://api.shieldcortex.ai'}/v1/threats`;
+  // Privacy: never transmit raw LLM input. We build a fresh canonical entry from
+  // named METADATA fields only — content/preview are never read or copied, so they
+  // cannot leak even though the caller's `threat` object carries them (ClawScan
+  // finding: previews may contain credentials or confidential data). The explicit
+  // field-passing below IS the privacy boundary. The local audit log keeps fuller
+  // detail for triage.
+  const entry = toAuditEntry({
+    kind: 'realtime',
+    hook: typeof threat.hook === 'string' ? threat.hook : undefined,
+    sessionId: typeof threat.sessionId === 'string' ? threat.sessionId : undefined,
+    model: typeof threat.model === 'string' ? threat.model : undefined,
+    reason: typeof threat.reason === 'string' ? threat.reason : undefined,
+    ts: typeof threat.ts === 'string' ? threat.ts : undefined,
+  });
+  if (!entry) return;
+  const url = `${cfg.cloudBaseUrl || 'https://api.shieldcortex.ai'}/v1/audit/ingest`;
   fetch(url, {
     method: 'POST',
     headers: {
       'Content-Type': 'application/json',
       Authorization: `Bearer ${cfg.cloudApiKey}`,
     },
-    body: JSON.stringify(metadata),
+    body: JSON.stringify({ entries: [entry] }),
     signal: AbortSignal.timeout(5000),
   }).catch(() => {
     // Fire-and-forget — never block on cloud sync failure

package/dist/audit-entry.js

@@ -0,0 +1,56 @@
+// plugins/openclaw/audit-entry.ts
+// Canonical audit-entry builder for the OpenClaw plugin's cloud egress.
+// Mirrors the SaaS ingestSchema (ShieldCortex-internal/src/routes/v1/audit.ts).
+// Privacy: callers pass METADATA only — this never reads content/preview.
+function clamp01(n) {
+    const v = typeof n === 'number' && Number.isFinite(n) ? n : 0;
+    return Math.max(0, Math.min(1, v));
+}
+function normalizeFirewallResult(raw, fallback) {
+    const s = String(raw ?? '').toUpperCase();
+    if (s === 'ALLOW' || s === 'BLOCK' || s === 'QUARANTINE')
+        return s;
+    if (s === 'DENY' || s === 'DENIED' || s === 'AUTO_DENIED' || s === 'BLOCKED')
+        return 'BLOCK';
+    return fallback;
+}
+function isoTimestamp(raw) {
+    const c = typeof raw === 'string' ? raw : '';
+    const t = c ? new Date(c).getTime() : NaN;
+    return Number.isNaN(t) ? new Date().toISOString() : new Date(t).toISOString();
+}
+export function toAuditEntry(input) {
+    if (!input)
+        return null;
+    const timestamp = isoTimestamp(input.ts);
+    if (input.kind === 'intercept') {
+        const anomaly = clamp01(input.anomalyScore);
+        return {
+            source_type: 'openclaw-interceptor',
+            source_identifier: input.tool || 'openclaw',
+            trust_score: input.trustScore != null ? clamp01(input.trustScore) : clamp01(1 - anomaly),
+            sensitivity_level: input.sensitivityLevel || 'INTERNAL',
+            firewall_result: normalizeFirewallResult(input.firewallResult, 'QUARANTINE'),
+            anomaly_score: anomaly,
+            threat_indicators: Array.isArray(input.threats) ? input.threats.map(String) : [],
+            fragmentation_score: input.fragmentationScore == null ? null : clamp01(input.fragmentationScore),
+            reason: `OpenClaw intercept: ${input.tool ?? 'tool'} → ${input.outcome ?? input.action ?? 'logged'}`,
+            pipeline_duration_ms: Math.max(0, Math.trunc(input.pipelineDurationMs ?? 0)),
+            timestamp,
+        };
+    }
+    const reason = input.reason || 'OpenClaw realtime threat';
+    return {
+        source_type: input.hook || 'openclaw-realtime',
+        source_identifier: input.model || input.sessionId || 'openclaw',
+        trust_score: 0.5,
+        sensitivity_level: 'INTERNAL',
+        firewall_result: 'QUARANTINE',
+        anomaly_score: 0,
+        threat_indicators: [reason],
+        fragmentation_score: null,
+        reason,
+        pipeline_duration_ms: 0,
+        timestamp,
+    };
+}

package/dist/cloud-sync.js

@@ -1,6 +1,10 @@
 // plugins/openclaw/cloud-sync.ts
 //
-// Network egress for SC threat events. See CHANGELOG.md v4.12.8 / v4.12.9.
+// Network egress for SC realtime input-scan threat events. See CHANGELOG.md
+// v4.12.8 / v4.12.9. Posts canonical audit entries to /v1/audit/ingest — the
+// only ingest route the SaaS exposes (the old /v1/threats route never existed
+// server-side, so these events were silently 404'd and dropped).
+import { toAuditEntry } from './audit-entry.js';
 export function cloudSync(threat, cfg) {
     // Consent gate: require cloud explicitly enabled AND an API key — matching every
     // other egress sender (intercept-ingest.ts, src/cloud/*). Previously this checked
@@ -9,20 +13,30 @@ export function cloudSync(threat, cfg) {
     // default).
     if (!cfg.cloudEnabled || !cfg.cloudApiKey)
         return;
-    // Privacy: never transmit raw LLM input. Strip any input content/preview snippet —
-    // forward threat METADATA only (ClawScan finding: previews may contain credentials
-    // or confidential data). The local audit log keeps fuller detail for triage.
-    const metadata = { ...threat };
-    delete metadata.content;
-    delete metadata.preview;
-    const url = `${cfg.cloudBaseUrl || 'https://api.shieldcortex.ai'}/v1/threats`;
+    // Privacy: never transmit raw LLM input. We build a fresh canonical entry from
+    // named METADATA fields only — content/preview are never read or copied, so they
+    // cannot leak even though the caller's `threat` object carries them (ClawScan
+    // finding: previews may contain credentials or confidential data). The explicit
+    // field-passing below IS the privacy boundary. The local audit log keeps fuller
+    // detail for triage.
+    const entry = toAuditEntry({
+        kind: 'realtime',
+        hook: typeof threat.hook === 'string' ? threat.hook : undefined,
+        sessionId: typeof threat.sessionId === 'string' ? threat.sessionId : undefined,
+        model: typeof threat.model === 'string' ? threat.model : undefined,
+        reason: typeof threat.reason === 'string' ? threat.reason : undefined,
+        ts: typeof threat.ts === 'string' ? threat.ts : undefined,
+    });
+    if (!entry)
+        return;
+    const url = `${cfg.cloudBaseUrl || 'https://api.shieldcortex.ai'}/v1/audit/ingest`;
     fetch(url, {
         method: 'POST',
         headers: {
             'Content-Type': 'application/json',
             Authorization: `Bearer ${cfg.cloudApiKey}`,
         },
-        body: JSON.stringify(metadata),
+        body: JSON.stringify({ entries: [entry] }),
         signal: AbortSignal.timeout(5000),
     }).catch(() => {
         // Fire-and-forget — never block on cloud sync failure

package/dist/index.js

@@ -562,8 +562,9 @@ export async function scanLlmInput(event, _ctx) {
                 };
                 auditLog(entry);
                 loadConfig()
-                    // Pass the local entry as-is; cloudSync strips the input preview/content
-                    // before transmit (metadata-only egress). No raw LLM input leaves here.
+                    // Pass the local entry as-is; cloudSync rebuilds a canonical metadata-only
+                    // entry from named fields and never reads preview/content. No raw LLM input
+                    // leaves here.
                     .then(cfg => cloudSync(entry, cfg))
                     .catch(() => { });
             }

package/dist/intercept-ingest.js

@@ -1,21 +1,38 @@
+// plugins/openclaw/intercept-ingest.ts
+import { toAuditEntry } from './audit-entry.js';
 export function syncInterceptEvent(event, config) {
     if (!config.cloudEnabled || !config.cloudApiKey)
         return;
-    const url = `${config.cloudBaseUrl}/v1/audit/ingest`;
-    // Privacy: forward audit METADATA only — strip the content preview so raw memory
-    // text never leaves the machine (ClawScan finding: previews may contain credentials
-    // or confidential data). The local audit JSONL retains the preview for triage.
-    const metadata = { ...event };
-    delete metadata.preview;
-    fetch(url, {
+    // Privacy: build a canonical audit entry from METADATA only — the content
+    // preview never leaves the machine (ClawScan finding: previews may contain
+    // credentials or confidential data). The local audit JSONL retains the
+    // preview for triage. toAuditEntry has no notion of preview/content.
+    const entry = toAuditEntry({
+        kind: 'intercept',
+        tool: event.tool,
+        firewallResult: event.firewallResult,
+        threats: event.threats,
+        anomalyScore: event.anomalyScore,
+        trustScore: event.trustScore,
+        sensitivityLevel: event.sensitivityLevel,
+        fragmentationScore: event.fragmentationScore,
+        outcome: event.outcome,
+        action: event.action,
+        pipelineDurationMs: event.pipelineDurationMs,
+        ts: event.ts,
+    });
+    if (!entry)
+        return;
+    // SaaS /v1/audit/ingest requires { entries: [<canonical snake_case entry>] }
+    // (zod ingestSchema). The old { events: [...] } shape was rejected 400 and
+    // every interceptor POST was silently dropped.
+    fetch(`${config.cloudBaseUrl}/v1/audit/ingest`, {
         method: 'POST',
         headers: {
             'Content-Type': 'application/json',
             Authorization: `Bearer ${config.cloudApiKey}`,
         },
-        body: JSON.stringify({
-            events: [{ ...metadata, source: 'openclaw-interceptor' }],
-        }),
+        body: JSON.stringify({ entries: [entry] }),
         signal: AbortSignal.timeout(5_000),
     }).catch(() => {
         // Fire-and-forget — never block on cloud sync failure

package/dist/interceptor.js

@@ -211,7 +211,10 @@ export function createInterceptor(config, pipeline, options) {
             const xrayEntry = {
                 type: 'intercept', tool: context.toolName, severity: 'critical',
                 firewallResult: 'BLOCK', threats: xrayResult.findings.map(f => f.category),
-                anomalyScore: 1, action: 'auto_deny', outcome: 'auto_denied',
+                anomalyScore: 1,
+                // X-Ray short-circuits before the pipeline runs — no pipeline result.
+                trustScore: 0, sensitivityLevel: 'INTERNAL', fragmentationScore: null, pipelineDurationMs: 0,
+                action: 'auto_deny', outcome: 'auto_denied',
                 preview: fullContent.slice(0, 200), ts: new Date().toISOString(),
             };
             emitAudit(xrayEntry);
@@ -221,12 +224,21 @@ export function createInterceptor(config, pipeline, options) {
         let firewallResult;
         let threats;
         let anomalyScore;
+        let trustScore;
+        let sensitivityLevel;
+        let fragmentationScore;
+        let pipelineDurationMs;
         try {
+            const pipelineStart = Date.now();
             const result = pipeline(content, title, { type: 'agent', identifier: 'openclaw' });
+            pipelineDurationMs = Date.now() - pipelineStart;
             severity = mapSeverity(result.firewall);
             firewallResult = result.firewall.result;
             threats = result.firewall.threatIndicators;
             anomalyScore = result.firewall.anomalyScore;
+            trustScore = result.trust.score;
+            sensitivityLevel = result.sensitivity.level;
+            fragmentationScore = result.fragmentation?.score ?? null;
         }
         catch (err) {
             log.warn(`[shieldcortex] ⚠️ Defence pipeline error: ${err instanceof Error ? err.message : err}`);
@@ -234,6 +246,8 @@ export function createInterceptor(config, pipeline, options) {
             const entry = {
                 type: 'intercept', tool: context.toolName, severity: 'high',
                 firewallResult: 'ERROR', threats: ['pipeline_error'], anomalyScore: 0,
+                // Pipeline threw — no result in scope, use documented defaults.
+                trustScore: 0, sensitivityLevel: 'INTERNAL', fragmentationScore: null, pipelineDurationMs: 0,
                 action: 'require_approval', outcome: failAction === 'deny' ? 'failure_denied' : 'failure_allowed',
                 preview: fullContent.slice(0, 200), ts: new Date().toISOString(),
             };
@@ -246,7 +260,8 @@ export function createInterceptor(config, pipeline, options) {
         if (denyCache.isDenied(context.toolName, fullContent)) {
             const entry = {
                 type: 'intercept', tool: context.toolName, severity, firewallResult,
-                threats, anomalyScore, action: 'auto_deny', outcome: 'auto_denied',
+                threats, anomalyScore, trustScore, sensitivityLevel, fragmentationScore, pipelineDurationMs,
+                action: 'auto_deny', outcome: 'auto_denied',
                 preview: fullContent.slice(0, 200), ts: new Date().toISOString(),
             };
             emitAudit(entry);
@@ -256,7 +271,8 @@ export function createInterceptor(config, pipeline, options) {
         if (action === 'log') {
             const entry = {
                 type: 'intercept', tool: context.toolName, severity, firewallResult,
-                threats, anomalyScore, action: 'log', outcome: 'logged',
+                threats, anomalyScore, trustScore, sensitivityLevel, fragmentationScore, pipelineDurationMs,
+                action: 'log', outcome: 'logged',
                 preview: fullContent.slice(0, 200), ts: new Date().toISOString(),
             };
             emitAudit(entry);
@@ -266,7 +282,8 @@ export function createInterceptor(config, pipeline, options) {
             log.warn(`[shieldcortex] ⚠️ ${severity} risk in ${context.toolName}: ${threats.join(', ') || 'anomaly detected'}`);
             const entry = {
                 type: 'intercept', tool: context.toolName, severity, firewallResult,
-                threats, anomalyScore, action: 'warn', outcome: 'warned',
+                threats, anomalyScore, trustScore, sensitivityLevel, fragmentationScore, pipelineDurationMs,
+                action: 'warn', outcome: 'warned',
                 preview: fullContent.slice(0, 200), ts: new Date().toISOString(),
             };
             emitAudit(entry);
@@ -279,7 +296,8 @@ export function createInterceptor(config, pipeline, options) {
             log.warn(`[shieldcortex] ⚠️ requireApproval not available for ${severity} risk in ${context.toolName} — failure policy: ${failAction}`);
             const entry = {
                 type: 'intercept', tool: context.toolName, severity, firewallResult,
-                threats, anomalyScore, action: 'require_approval',
+                threats, anomalyScore, trustScore, sensitivityLevel, fragmentationScore, pipelineDurationMs,
+                action: 'require_approval',
                 outcome: failAction === 'deny' ? 'failure_denied' : 'failure_allowed',
                 preview: fullContent.slice(0, 200), ts: new Date().toISOString(),
             };
@@ -293,7 +311,8 @@ export function createInterceptor(config, pipeline, options) {
             log.warn('[shieldcortex] ⚠️ Too many approval prompts — auto-denying');
             const entry = {
                 type: 'intercept', tool: context.toolName, severity, firewallResult,
-                threats, anomalyScore, action: 'rate_limit', outcome: 'auto_denied',
+                threats, anomalyScore, trustScore, sensitivityLevel, fragmentationScore, pipelineDurationMs,
+                action: 'rate_limit', outcome: 'auto_denied',
                 preview: fullContent.slice(0, 200), ts: new Date().toISOString(),
             };
             emitAudit(entry);
@@ -310,7 +329,8 @@ export function createInterceptor(config, pipeline, options) {
             log.warn(`[shieldcortex] ⚠️ requireApproval error: ${err instanceof Error ? err.message : err} — failure policy: ${failAction}`);
             const entry = {
                 type: 'intercept', tool: context.toolName, severity, firewallResult,
-                threats, anomalyScore, action: 'require_approval',
+                threats, anomalyScore, trustScore, sensitivityLevel, fragmentationScore, pipelineDurationMs,
+                action: 'require_approval',
                 outcome: failAction === 'deny' ? 'failure_denied' : 'failure_allowed',
                 preview: fullContent.slice(0, 200), ts: new Date().toISOString(),
             };
@@ -323,7 +343,8 @@ export function createInterceptor(config, pipeline, options) {
         if (approved) {
             const entry = {
                 type: 'intercept', tool: context.toolName, severity, firewallResult,
-                threats, anomalyScore, action: 'require_approval', outcome: 'approved',
+                threats, anomalyScore, trustScore, sensitivityLevel, fragmentationScore, pipelineDurationMs,
+                action: 'require_approval', outcome: 'approved',
                 preview: fullContent.slice(0, 200), ts: new Date().toISOString(),
             };
             emitAudit(entry);
@@ -333,7 +354,8 @@ export function createInterceptor(config, pipeline, options) {
         denyCache.addDenial(context.toolName, fullContent);
         const entry = {
             type: 'intercept', tool: context.toolName, severity, firewallResult,
-            threats, anomalyScore, action: 'require_approval', outcome: 'denied',
+            threats, anomalyScore, trustScore, sensitivityLevel, fragmentationScore, pipelineDurationMs,
+            action: 'require_approval', outcome: 'denied',
             preview: fullContent.slice(0, 200), ts: new Date().toISOString(),
         };
         emitAudit(entry);

package/dist/openclaw.plugin.json

@@ -1,6 +1,6 @@
 {
   "id": "shieldcortex-realtime",
-  "version": "4.32.1",
+  "version": "4.32.3",
   "name": "ShieldCortex Real-time Scanner",
   "description": "Real-time defence scanning on LLM input, memory extraction on LLM output, and active tool call interception with approval gating.",
   "kind": null,

package/index.ts

@@ -680,8 +680,9 @@ export async function scanLlmInput(event: LlmInputEvent, _ctx: AgentCtx): Promis
         };
         auditLog(entry);
         loadConfig()
-          // Pass the local entry as-is; cloudSync strips the input preview/content
-          // before transmit (metadata-only egress). No raw LLM input leaves here.
+          // Pass the local entry as-is; cloudSync rebuilds a canonical metadata-only
+          // entry from named fields and never reads preview/content. No raw LLM input
+          // leaves here.
           .then(cfg => cloudSync(entry, cfg))
           .catch(() => {});
       }

package/intercept-ingest.ts

@@ -1,4 +1,5 @@
 // plugins/openclaw/intercept-ingest.ts
+import { toAuditEntry } from './audit-entry.js';
 import type { InterceptAuditEntry } from './interceptor.js';
 
 interface CloudConfig {
@@ -10,23 +11,36 @@ interface CloudConfig {
 export function syncInterceptEvent(event: InterceptAuditEntry, config: CloudConfig): void {
   if (!config.cloudEnabled || !config.cloudApiKey) return;
 
-  const url = `${config.cloudBaseUrl}/v1/audit/ingest`;
-
-  // Privacy: forward audit METADATA only — strip the content preview so raw memory
-  // text never leaves the machine (ClawScan finding: previews may contain credentials
-  // or confidential data). The local audit JSONL retains the preview for triage.
-  const metadata: Record<string, unknown> = { ...event };
-  delete metadata.preview;
+  // Privacy: build a canonical audit entry from METADATA only — the content
+  // preview never leaves the machine (ClawScan finding: previews may contain
+  // credentials or confidential data). The local audit JSONL retains the
+  // preview for triage. toAuditEntry has no notion of preview/content.
+  const entry = toAuditEntry({
+    kind: 'intercept',
+    tool: event.tool,
+    firewallResult: event.firewallResult,
+    threats: event.threats,
+    anomalyScore: event.anomalyScore,
+    trustScore: event.trustScore,
+    sensitivityLevel: event.sensitivityLevel,
+    fragmentationScore: event.fragmentationScore,
+    outcome: event.outcome,
+    action: event.action,
+    pipelineDurationMs: event.pipelineDurationMs,
+    ts: event.ts,
+  });
+  if (!entry) return;
 
-  fetch(url, {
+  // SaaS /v1/audit/ingest requires { entries: [<canonical snake_case entry>] }
+  // (zod ingestSchema). The old { events: [...] } shape was rejected 400 and
+  // every interceptor POST was silently dropped.
+  fetch(`${config.cloudBaseUrl}/v1/audit/ingest`, {
     method: 'POST',
     headers: {
       'Content-Type': 'application/json',
       Authorization: `Bearer ${config.cloudApiKey}`,
     },
-    body: JSON.stringify({
-      events: [{ ...metadata, source: 'openclaw-interceptor' }],
-    }),
+    body: JSON.stringify({ entries: [entry] }),
     signal: AbortSignal.timeout(5_000),
   }).catch(() => {
     // Fire-and-forget — never block on cloud sync failure

package/interceptor.ts

@@ -27,6 +27,10 @@ export interface InterceptAuditEntry {
   firewallResult: string;
   threats: string[];
   anomalyScore: number;
+  trustScore: number;                 // from the pipeline result's trust score
+  sensitivityLevel: string;           // from the pipeline result's sensitivity level
+  fragmentationScore: number | null;  // from the pipeline result's fragmentation score, or null
+  pipelineDurationMs: number;         // wall-clock ms around the runDefencePipeline call
   action: InterceptAction | 'auto_deny' | 'rate_limit';
   outcome: 'approved' | 'denied' | 'auto_denied' | 'logged' | 'warned' | 'failure_allowed' | 'failure_denied';
   preview: string;
@@ -271,6 +275,10 @@ function xrayMemoryGuard(content: string, title?: string): XRayGuardResult {
 
 // --- Interceptor Factory ---
 
+// Subset of shieldcortex/defence DefencePipelineResult (src/defence/pipeline.ts).
+// Field paths verified against src/defence/types.ts: trust.score (TrustScore.score),
+// sensitivity.level (SensitivityClassification.level), fragmentation.score
+// (FragmentationAnalysis.score; fragmentation itself is nullable).
 type PipelineRunner = (content: string, title: string, source: { type: string; identifier: string }) => {
   allowed: boolean;
   firewall: {
@@ -280,6 +288,9 @@ type PipelineRunner = (content: string, title: string, source: { type: string; i
     anomalyScore: number;
     blockedPatterns: string[];
   };
+  trust: { score: number };
+  sensitivity: { level: string };
+  fragmentation: { score: number } | null;
   auditId: number;
 };
 
@@ -319,7 +330,10 @@ export function createInterceptor(
       const xrayEntry: InterceptAuditEntry = {
         type: 'intercept', tool: context.toolName, severity: 'critical',
         firewallResult: 'BLOCK', threats: xrayResult.findings.map(f => f.category),
-        anomalyScore: 1, action: 'auto_deny', outcome: 'auto_denied',
+        anomalyScore: 1,
+        // X-Ray short-circuits before the pipeline runs — no pipeline result.
+        trustScore: 0, sensitivityLevel: 'INTERNAL', fragmentationScore: null, pipelineDurationMs: 0,
+        action: 'auto_deny', outcome: 'auto_denied',
         preview: fullContent.slice(0, 200), ts: new Date().toISOString(),
       };
       emitAudit(xrayEntry);
@@ -330,19 +344,30 @@ export function createInterceptor(
     let firewallResult: string;
     let threats: string[];
     let anomalyScore: number;
+    let trustScore: number;
+    let sensitivityLevel: string;
+    let fragmentationScore: number | null;
+    let pipelineDurationMs: number;
 
     try {
+      const pipelineStart = Date.now();
       const result = pipeline(content, title, { type: 'agent', identifier: 'openclaw' });
+      pipelineDurationMs = Date.now() - pipelineStart;
       severity = mapSeverity(result.firewall);
       firewallResult = result.firewall.result;
       threats = result.firewall.threatIndicators;
       anomalyScore = result.firewall.anomalyScore;
+      trustScore = result.trust.score;
+      sensitivityLevel = result.sensitivity.level;
+      fragmentationScore = result.fragmentation?.score ?? null;
     } catch (err) {
       log.warn(`[shieldcortex] ⚠️ Defence pipeline error: ${err instanceof Error ? err.message : err}`);
       const failAction = config.failurePolicy.high;
       const entry: InterceptAuditEntry = {
         type: 'intercept', tool: context.toolName, severity: 'high',
         firewallResult: 'ERROR', threats: ['pipeline_error'], anomalyScore: 0,
+        // Pipeline threw — no result in scope, use documented defaults.
+        trustScore: 0, sensitivityLevel: 'INTERNAL', fragmentationScore: null, pipelineDurationMs: 0,
         action: 'require_approval', outcome: failAction === 'deny' ? 'failure_denied' : 'failure_allowed',
         preview: fullContent.slice(0, 200), ts: new Date().toISOString(),
       };
@@ -356,7 +381,8 @@ export function createInterceptor(
     if (denyCache.isDenied(context.toolName, fullContent)) {
       const entry: InterceptAuditEntry = {
         type: 'intercept', tool: context.toolName, severity, firewallResult,
-        threats, anomalyScore, action: 'auto_deny', outcome: 'auto_denied',
+        threats, anomalyScore, trustScore, sensitivityLevel, fragmentationScore, pipelineDurationMs,
+        action: 'auto_deny', outcome: 'auto_denied',
         preview: fullContent.slice(0, 200), ts: new Date().toISOString(),
       };
       emitAudit(entry);
@@ -368,7 +394,8 @@ export function createInterceptor(
     if (action === 'log') {
       const entry: InterceptAuditEntry = {
         type: 'intercept', tool: context.toolName, severity, firewallResult,
-        threats, anomalyScore, action: 'log', outcome: 'logged',
+        threats, anomalyScore, trustScore, sensitivityLevel, fragmentationScore, pipelineDurationMs,
+        action: 'log', outcome: 'logged',
         preview: fullContent.slice(0, 200), ts: new Date().toISOString(),
       };
       emitAudit(entry);
@@ -379,7 +406,8 @@ export function createInterceptor(
       log.warn(`[shieldcortex] ⚠️ ${severity} risk in ${context.toolName}: ${threats.join(', ') || 'anomaly detected'}`);
       const entry: InterceptAuditEntry = {
         type: 'intercept', tool: context.toolName, severity, firewallResult,
-        threats, anomalyScore, action: 'warn', outcome: 'warned',
+        threats, anomalyScore, trustScore, sensitivityLevel, fragmentationScore, pipelineDurationMs,
+        action: 'warn', outcome: 'warned',
         preview: fullContent.slice(0, 200), ts: new Date().toISOString(),
       };
       emitAudit(entry);
@@ -393,7 +421,8 @@ export function createInterceptor(
       log.warn(`[shieldcortex] ⚠️ requireApproval not available for ${severity} risk in ${context.toolName} — failure policy: ${failAction}`);
       const entry: InterceptAuditEntry = {
         type: 'intercept', tool: context.toolName, severity, firewallResult,
-        threats, anomalyScore, action: 'require_approval',
+        threats, anomalyScore, trustScore, sensitivityLevel, fragmentationScore, pipelineDurationMs,
+        action: 'require_approval',
         outcome: failAction === 'deny' ? 'failure_denied' : 'failure_allowed',
         preview: fullContent.slice(0, 200), ts: new Date().toISOString(),
       };
@@ -408,7 +437,8 @@ export function createInterceptor(
       log.warn('[shieldcortex] ⚠️ Too many approval prompts — auto-denying');
       const entry: InterceptAuditEntry = {
         type: 'intercept', tool: context.toolName, severity, firewallResult,
-        threats, anomalyScore, action: 'rate_limit', outcome: 'auto_denied',
+        threats, anomalyScore, trustScore, sensitivityLevel, fragmentationScore, pipelineDurationMs,
+        action: 'rate_limit', outcome: 'auto_denied',
         preview: fullContent.slice(0, 200), ts: new Date().toISOString(),
       };
       emitAudit(entry);
@@ -426,7 +456,8 @@ export function createInterceptor(
       log.warn(`[shieldcortex] ⚠️ requireApproval error: ${err instanceof Error ? err.message : err} — failure policy: ${failAction}`);
       const entry: InterceptAuditEntry = {
         type: 'intercept', tool: context.toolName, severity, firewallResult,
-        threats, anomalyScore, action: 'require_approval',
+        threats, anomalyScore, trustScore, sensitivityLevel, fragmentationScore, pipelineDurationMs,
+        action: 'require_approval',
         outcome: failAction === 'deny' ? 'failure_denied' : 'failure_allowed',
         preview: fullContent.slice(0, 200), ts: new Date().toISOString(),
       };
@@ -440,7 +471,8 @@ export function createInterceptor(
     if (approved) {
       const entry: InterceptAuditEntry = {
         type: 'intercept', tool: context.toolName, severity, firewallResult,
-        threats, anomalyScore, action: 'require_approval', outcome: 'approved',
+        threats, anomalyScore, trustScore, sensitivityLevel, fragmentationScore, pipelineDurationMs,
+        action: 'require_approval', outcome: 'approved',
         preview: fullContent.slice(0, 200), ts: new Date().toISOString(),
       };
       emitAudit(entry);
@@ -451,7 +483,8 @@ export function createInterceptor(
     denyCache.addDenial(context.toolName, fullContent);
     const entry: InterceptAuditEntry = {
       type: 'intercept', tool: context.toolName, severity, firewallResult,
-      threats, anomalyScore, action: 'require_approval', outcome: 'denied',
+      threats, anomalyScore, trustScore, sensitivityLevel, fragmentationScore, pipelineDurationMs,
+      action: 'require_approval', outcome: 'denied',
       preview: fullContent.slice(0, 200), ts: new Date().toISOString(),
     };
     emitAudit(entry);

package/openclaw.plugin.json

@@ -1,6 +1,6 @@
 {
   "id": "shieldcortex-realtime",
-  "version": "4.32.1",
+  "version": "4.32.3",
   "name": "ShieldCortex Real-time Scanner",
   "description": "Real-time defence scanning on LLM input, memory extraction on LLM output, and active tool call interception with approval gating.",
   "kind": null,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@drakon-systems/shieldcortex-realtime",
-  "version": "4.32.1",
+  "version": "4.32.3",
   "description": "OpenClaw plugin for ShieldCortex real-time defence scanning and optional memory extraction.",
   "type": "module",
   "main": "./dist/index.js",