shieldcortex 2.8.3 → 2.9.0

package/dist/audit/mcp-config-scanner.js

@@ -0,0 +1,177 @@
+/**
+ * MCP Config Scanner
+ *
+ * Scans MCP server configuration files for:
+ *   - Known-vulnerable MCP servers (e.g., mcp-remote CVE-2025-6514)
+ *   - Suspicious server configurations (external URLs, unknown servers)
+ *   - Servers with overly permissive permissions
+ */
+import { existsSync, readFileSync } from 'fs';
+import { join } from 'path';
+import { homedir } from 'os';
+const LEARN_MORE = 'https://shieldcortex.ai/docs/threats/mcp-security';
+const KNOWN_VULNERABLE_SERVERS = [
+    {
+        name: 'mcp-remote',
+        cve: 'CVE-2025-6514',
+        severity: 'critical',
+        description: 'mcp-remote allows arbitrary OS command execution when connecting to untrusted servers (CVSS 9.6). Update to latest version.',
+    },
+    {
+        name: '@anthropic/mcp-remote',
+        cve: 'CVE-2025-6514',
+        severity: 'critical',
+        description: 'mcp-remote allows arbitrary OS command execution when connecting to untrusted servers (CVSS 9.6). Update to latest version.',
+    },
+];
+// ── Suspicious Patterns ──
+const SUSPICIOUS_URL_PATTERNS = [
+    { pattern: /https?:\/\/\d+\.\d+\.\d+\.\d+/i, reason: 'MCP server connects to raw IP address' },
+    { pattern: /https?:\/\/[^/]*\.(ru|cn|xyz|top|buzz|quest)\//i, reason: 'MCP server connects to suspicious TLD' },
+    { pattern: /ngrok\.io|serveo\.net|localhost\.run|loca\.lt/i, reason: 'MCP server connects to tunnelling service' },
+];
+const DANGEROUS_FLAGS = [
+    { flag: '--dangerously-skip-permissions', severity: 'critical', description: 'Disables all permission checks — agent can execute any tool without confirmation' },
+    { flag: '--no-verify', severity: 'high', description: 'Skips verification checks' },
+    { flag: '--trust-all-tools', severity: 'critical', description: 'Trusts all tools without verification' },
+    { flag: '--yolo', severity: 'critical', description: 'Disables safety checks' },
+    { flag: 'dangerouslyDisableSandbox', severity: 'critical', description: 'Disables sandbox protection' },
+];
+function getConfigLocations() {
+    const home = homedir();
+    const cwd = process.cwd();
+    return [
+        // Claude Code / OpenClaw
+        { path: join(home, '.claude', 'mcp.json'), name: 'Claude Code (global)' },
+        { path: join(cwd, '.claude', 'mcp.json'), name: 'Claude Code (project)' },
+        { path: join(home, '.openclaw', 'mcp.json'), name: 'OpenClaw (global)' },
+        // Claude Desktop
+        { path: join(home, 'Library', 'Application Support', 'Claude', 'claude_desktop_config.json'), name: 'Claude Desktop' },
+        // VS Code / Copilot
+        { path: join(home, '.vscode', 'mcp.json'), name: 'VS Code (global)' },
+        { path: join(cwd, '.vscode', 'mcp.json'), name: 'VS Code (project)' },
+        // Cursor
+        { path: join(home, '.cursor', 'mcp.json'), name: 'Cursor (global)' },
+        { path: join(cwd, '.cursor', 'mcp.json'), name: 'Cursor (project)' },
+        // Windsurf
+        { path: join(home, '.windsurf', 'mcp.json'), name: 'Windsurf (global)' },
+    ];
+}
+/**
+ * Parse and scan a single MCP config file.
+ */
+function scanConfigFile(location) {
+    const findings = [];
+    let content;
+    try {
+        content = readFileSync(location.path, 'utf-8');
+    }
+    catch {
+        return findings;
+    }
+    let config;
+    try {
+        config = JSON.parse(content);
+    }
+    catch {
+        findings.push({
+            scanner: 'mcp-config',
+            severity: 'medium',
+            title: 'Malformed MCP config',
+            description: `${location.name} MCP config file contains invalid JSON — may have been tampered with.`,
+            filePath: location.path,
+            learnMoreUrl: LEARN_MORE,
+        });
+        return findings;
+    }
+    // Extract servers from various config formats
+    const servers = extractServers(config);
+    for (const [serverName, serverConfig] of Object.entries(servers)) {
+        const configStr = JSON.stringify(serverConfig);
+        // Check against known vulnerable servers
+        for (const vuln of KNOWN_VULNERABLE_SERVERS) {
+            if (serverName === vuln.name || configStr.includes(vuln.name)) {
+                findings.push({
+                    scanner: 'mcp-config',
+                    severity: vuln.severity,
+                    title: `Known vulnerable MCP server: ${vuln.name}`,
+                    description: `${vuln.description}${vuln.cve ? ` (${vuln.cve})` : ''}`,
+                    filePath: location.path,
+                    learnMoreUrl: LEARN_MORE,
+                });
+            }
+        }
+        // Check for suspicious URLs
+        for (const { pattern, reason } of SUSPICIOUS_URL_PATTERNS) {
+            if (pattern.test(configStr)) {
+                const match = configStr.match(pattern);
+                findings.push({
+                    scanner: 'mcp-config',
+                    severity: 'medium',
+                    title: reason,
+                    description: `Server "${serverName}" in ${location.name} connects to a potentially unsafe endpoint.`,
+                    filePath: location.path,
+                    matchedText: match?.[0]?.slice(0, 80),
+                    learnMoreUrl: LEARN_MORE,
+                });
+            }
+        }
+        // Check for dangerous flags in args
+        for (const { flag, severity, description } of DANGEROUS_FLAGS) {
+            if (configStr.includes(flag)) {
+                findings.push({
+                    scanner: 'mcp-config',
+                    severity,
+                    title: `Dangerous flag in MCP config: ${flag}`,
+                    description: `Server "${serverName}" in ${location.name}: ${description}`,
+                    filePath: location.path,
+                    matchedText: flag,
+                    learnMoreUrl: LEARN_MORE,
+                });
+            }
+        }
+    }
+    return findings;
+}
+/**
+ * Extract server definitions from various MCP config formats.
+ * Handles both { mcpServers: {...} } and { servers: {...} } formats.
+ */
+function extractServers(config) {
+    if (config.mcpServers && typeof config.mcpServers === 'object') {
+        return config.mcpServers;
+    }
+    if (config.servers && typeof config.servers === 'object') {
+        return config.servers;
+    }
+    return {};
+}
+/**
+ * Run the MCP config scanner.
+ */
+export function scanMcpConfigs() {
+    const start = Date.now();
+    const locations = getConfigLocations();
+    const existingLocations = locations.filter(l => existsSync(l.path));
+    if (existingLocations.length === 0) {
+        return {
+            name: 'MCP Config Scanner',
+            itemsScanned: 0,
+            findings: [],
+            durationMs: Date.now() - start,
+            skipped: true,
+            skipReason: 'No MCP configuration files found',
+        };
+    }
+    const allFindings = [];
+    for (const location of existingLocations) {
+        allFindings.push(...scanConfigFile(location));
+    }
+    return {
+        name: 'MCP Config Scanner',
+        itemsScanned: existingLocations.length,
+        findings: allFindings,
+        durationMs: Date.now() - start,
+    };
+}
+//# sourceMappingURL=mcp-config-scanner.js.map

package/dist/audit/mcp-config-scanner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp-config-scanner.js","sourceRoot":"","sources":["../../src/audit/mcp-config-scanner.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,IAAI,CAAC;AAC9C,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAG7B,MAAM,UAAU,GAAG,mDAAmD,CAAC;AAavE,MAAM,wBAAwB,GAAuB;IACnD;QACE,IAAI,EAAE,YAAY;QAClB,GAAG,EAAE,eAAe;QACpB,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,6HAA6H;KAC3I;IACD;QACE,IAAI,EAAE,uBAAuB;QAC7B,GAAG,EAAE,eAAe;QACpB,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,6HAA6H;KAC3I;CACF,CAAC;AAEF,4BAA4B;AAE5B,MAAM,uBAAuB,GAAG;IAC9B,EAAE,OAAO,EAAE,gCAAgC,EAAE,MAAM,EAAE,uCAAuC,EAAE;IAC9F,EAAE,OAAO,EAAE,iDAAiD,EAAE,MAAM,EAAE,uCAAuC,EAAE;IAC/G,EAAE,OAAO,EAAE,gDAAgD,EAAE,MAAM,EAAE,2CAA2C,EAAE;CACnH,CAAC;AAEF,MAAM,eAAe,GAAG;IACtB,EAAE,IAAI,EAAE,gCAAgC,EAAE,QAAQ,EAAE,UAAmB,EAAE,WAAW,EAAE,kFAAkF,EAAE;IAC1K,EAAE,IAAI,EAAE,aAAa,EAAE,QAAQ,EAAE,MAAe,EAAE,WAAW,EAAE,2BAA2B,EAAE;IAC5F,EAAE,IAAI,EAAE,mBAAmB,EAAE,QAAQ,EAAE,UAAmB,EAAE,WAAW,EAAE,uCAAuC,EAAE;IAClH,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAmB,EAAE,WAAW,EAAE,wBAAwB,EAAE;IACxF,EAAE,IAAI,EAAE,2BAA2B,EAAE,QAAQ,EAAE,UAAmB,EAAE,WAAW,EAAE,6BAA6B,EAAE;CACjH,CAAC;AASF,SAAS,kBAAkB;IACzB,MAAM,IAAI,GAAG,OAAO,EAAE,CAAC;IACvB,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;IAE1B,OAAO;QACL,yBAAyB;QACzB,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,UAAU,CAAC,EAAE,IAAI,EAAE,sBAAsB,EAAE;QACzE,EAAE,IAAI,EAAE,IAAI,CAAC,GAAG,EAAE,SAAS,EAAE,UAAU,CAAC,EAAE,IAAI,EAAE,uBAAuB,EAAE;QACzE,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,WAAW,EAAE,UAAU,CAAC,EAAE,IAAI,EAAE,mBAAmB,EAAE;QACxE,iBAAiB;QACjB,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,qBAAqB,EAAE,QAAQ,EAAE,4BAA4B,CAAC,EAAE,IAAI,EAAE,gBAAgB,EAAE;QACtH,oBAAoB;QACpB,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,UAAU,CAAC,EAAE,IAAI,EAAE,kBAAkB,EAAE;QACrE,EAAE,IAAI,EAAE,IAAI,CAAC,GAAG,EAAE,SAAS,EAAE,UAAU,CAAC,EAAE,IAAI,EAAE,mBAAmB,EAAE;QACrE,SAAS;QACT,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,UAAU,CAAC,EAAE,IAAI,EAAE,iBAAiB,EAAE;QACpE,EAAE,IAAI,EAAE,IAAI,CAAC,GAAG,EAAE,SAAS,EAAE,UAAU,CAAC,EAAE,IAAI,EAAE,kBAAkB,EAAE;QACpE,WAAW;QACX,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,WAAW,EAAE,UAAU,CAAC,EAAE,IAAI,EAAE,mBAAmB,EAAE;KACzE,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,QAAwB;IAC9C,MAAM,QAAQ,GAAmB,EAAE,CAAC;IAEpC,IAAI,OAAe,CAAC;IACpB,IAAI,CAAC;QACH,OAAO,GAAG,YAAY,CAAC,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IACjD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,IAAI,MAA+B,CAAC;IACpC,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC/B,CAAC;IAAC,MAAM,CAAC;QACP,QAAQ,CAAC,IAAI,CAAC;YACZ,OAAO,EAAE,YAAY;YACrB,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,sBAAsB;YAC7B,WAAW,EAAE,GAAG,QAAQ,CAAC,IAAI,uEAAuE;YACpG,QAAQ,EAAE,QAAQ,CAAC,IAAI;YACvB,YAAY,EAAE,UAAU;SACzB,CAAC,CAAC;QACH,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,8CAA8C;IAC9C,MAAM,OAAO,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;IAEvC,KAAK,MAAM,CAAC,UAAU,EAAE,YAAY,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACjE,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;QAE/C,yCAAyC;QACzC,KAAK,MAAM,IAAI,IAAI,wBAAwB,EAAE,CAAC;YAC5C,IAAI,UAAU,KAAK,IAAI,CAAC,IAAI,IAAI,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC9D,QAAQ,CAAC,IAAI,CAAC;oBACZ,OAAO,EAAE,YAAY;oBACrB,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,KAAK,EAAE,gCAAgC,IAAI,CAAC,IAAI,EAAE;oBAClD,WAAW,EAAE,GAAG,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;oBACrE,QAAQ,EAAE,QAAQ,CAAC,IAAI;oBACvB,YAAY,EAAE,UAAU;iBACzB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,4BAA4B;QAC5B,KAAK,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,uBAAuB,EAAE,CAAC;YAC1D,IAAI,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC5B,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBACvC,QAAQ,CAAC,IAAI,CAAC;oBACZ,OAAO,EAAE,YAAY;oBACrB,QAAQ,EAAE,QAAQ;oBAClB,KAAK,EAAE,MAAM;oBACb,WAAW,EAAE,WAAW,UAAU,QAAQ,QAAQ,CAAC,IAAI,6CAA6C;oBACpG,QAAQ,EAAE,QAAQ,CAAC,IAAI;oBACvB,WAAW,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;oBACrC,YAAY,EAAE,UAAU;iBACzB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,oCAAoC;QACpC,KAAK,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,IAAI,eAAe,EAAE,CAAC;YAC9D,IAAI,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC7B,QAAQ,CAAC,IAAI,CAAC;oBACZ,OAAO,EAAE,YAAY;oBACrB,QAAQ;oBACR,KAAK,EAAE,iCAAiC,IAAI,EAAE;oBAC9C,WAAW,EAAE,WAAW,UAAU,QAAQ,QAAQ,CAAC,IAAI,KAAK,WAAW,EAAE;oBACzE,QAAQ,EAAE,QAAQ,CAAC,IAAI;oBACvB,WAAW,EAAE,IAAI;oBACjB,YAAY,EAAE,UAAU;iBACzB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;GAGG;AACH,SAAS,cAAc,CAAC,MAA+B;IACrD,IAAI,MAAM,CAAC,UAAU,IAAI,OAAO,MAAM,CAAC,UAAU,KAAK,QAAQ,EAAE,CAAC;QAC/D,OAAO,MAAM,CAAC,UAAqC,CAAC;IACtD,CAAC;IACD,IAAI,MAAM,CAAC,OAAO,IAAI,OAAO,MAAM,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;QACzD,OAAO,MAAM,CAAC,OAAkC,CAAC;IACnD,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc;IAC5B,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACzB,MAAM,SAAS,GAAG,kBAAkB,EAAE,CAAC;IACvC,MAAM,iBAAiB,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IAEpE,IAAI,iBAAiB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACnC,OAAO;YACL,IAAI,EAAE,oBAAoB;YAC1B,YAAY,EAAE,CAAC;YACf,QAAQ,EAAE,EAAE;YACZ,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;YAC9B,OAAO,EAAE,IAAI;YACb,UAAU,EAAE,kCAAkC;SAC/C,CAAC;IACJ,CAAC;IAED,MAAM,WAAW,GAAmB,EAAE,CAAC;IACvC,KAAK,MAAM,QAAQ,IAAI,iBAAiB,EAAE,CAAC;QACzC,WAAW,CAAC,IAAI,CAAC,GAAG,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC;IAChD,CAAC;IAED,OAAO;QACL,IAAI,EAAE,oBAAoB;QAC1B,YAAY,EAAE,iBAAiB,CAAC,MAAM;QACtC,QAAQ,EAAE,WAAW;QACrB,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;KAC/B,CAAC;AACJ,CAAC"}

package/dist/audit/memory-scanner.d.ts

@@ -0,0 +1,15 @@
+/**
+ * Memory Scanner
+ *
+ * Scans AI agent memory files for planted instructions, poisoned
+ * memories, and suspicious content. Checks:
+ *   - ~/.claude/ project memory files (CLAUDE.md, memory/)
+ *   - ~/.shieldcortex/ memory database
+ *   - Cursor/Windsurf persistent memory locations
+ */
+import type { ScannerResult } from './types.js';
+/**
+ * Run the memory scanner.
+ */
+export declare function scanMemories(): ScannerResult;
+//# sourceMappingURL=memory-scanner.d.ts.map

package/dist/audit/memory-scanner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"memory-scanner.d.ts","sourceRoot":"","sources":["../../src/audit/memory-scanner.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAKH,OAAO,KAAK,EAAgB,aAAa,EAAE,MAAM,YAAY,CAAC;AAiL9D;;GAEG;AACH,wBAAgB,YAAY,IAAI,aAAa,CA0B5C"}

package/dist/audit/memory-scanner.js

@@ -0,0 +1,205 @@
+/**
+ * Memory Scanner
+ *
+ * Scans AI agent memory files for planted instructions, poisoned
+ * memories, and suspicious content. Checks:
+ *   - ~/.claude/ project memory files (CLAUDE.md, memory/)
+ *   - ~/.shieldcortex/ memory database
+ *   - Cursor/Windsurf persistent memory locations
+ */
+import { existsSync, readdirSync, readFileSync, statSync } from 'fs';
+import { join } from 'path';
+import { homedir } from 'os';
+import { runDefencePipeline } from '../defence/pipeline.js';
+const LEARN_MORE = 'https://shieldcortex.ai/docs/threats/memory-poisoning';
+/** Maximum file size to scan (1 MB) */
+const MAX_FILE_SIZE = 1024 * 1024;
+/** Maximum number of memory files to scan */
+const MAX_FILES = 200;
+/** Source for pipeline scans */
+const AUDIT_SOURCE = { type: 'cli', identifier: 'shieldcortex-audit' };
+/**
+ * Find memory-related files across known AI agent locations.
+ */
+function discoverMemoryFiles() {
+    const home = homedir();
+    const files = [];
+    const addIfFile = (p) => {
+        try {
+            if (existsSync(p) && statSync(p).isFile() && statSync(p).size <= MAX_FILE_SIZE) {
+                files.push(p);
+            }
+        }
+        catch { /* ignore */ }
+    };
+    /** Directories that are NOT agent memory and should be skipped */
+    const SKIP_DIRS = new Set([
+        'node_modules', 'extensions', 'cache', 'logs', 'crashReports',
+        'CachedData', 'CachedExtensions', 'CachedExtensionVSIXs',
+        'User', 'Code', 'globalStorage', 'workspaceStorage',
+    ]);
+    const walkDir = (dir, patterns, maxDepth = 3) => {
+        const walk = (d, depth) => {
+            if (depth > maxDepth || files.length >= MAX_FILES)
+                return;
+            try {
+                if (!existsSync(d))
+                    return;
+                const entries = readdirSync(d, { withFileTypes: true });
+                for (const entry of entries) {
+                    if (files.length >= MAX_FILES)
+                        return;
+                    const full = join(d, entry.name);
+                    if (entry.isFile() && patterns.some(p => p.test(entry.name))) {
+                        try {
+                            if (statSync(full).size <= MAX_FILE_SIZE)
+                                files.push(full);
+                        }
+                        catch { /* ignore */ }
+                    }
+                    else if (entry.isDirectory() && !entry.name.startsWith('.') && !SKIP_DIRS.has(entry.name)) {
+                        walk(full, depth + 1);
+                    }
+                }
+            }
+            catch { /* ignore */ }
+        };
+        walk(dir, 0);
+    };
+    // Claude Code project memories
+    walkDir(join(home, '.claude', 'projects'), [/\.md$/], 4);
+    // Claude Code global CLAUDE.md
+    addIfFile(join(home, '.claude', 'CLAUDE.md'));
+    // Note: settings.json is excluded — it contains legitimate permission
+    // patterns that trigger false positives in the defence pipeline.
+    // Cursor — only scan known memory/rules locations, NOT extensions
+    addIfFile(join(home, '.cursor', 'rules', 'global.md'));
+    walkDir(join(home, '.cursor', 'rules'), [/\.md$/, /\.mdc$/], 2);
+    walkDir(join(home, '.cursor', 'memories'), [/\.md$/, /\.json$/], 2);
+    // Windsurf — known memory locations
+    walkDir(join(home, '.windsurf', 'memories'), [/\.md$/, /\.json$/], 2);
+    walkDir(join(home, '.windsurf', 'rules'), [/\.md$/, /\.mdc$/], 2);
+    // CWD-relative project memory files
+    const cwd = process.cwd();
+    addIfFile(join(cwd, 'CLAUDE.md'));
+    walkDir(join(cwd, '.claude', 'commands'), [/\.md$/], 2);
+    return files;
+}
+/**
+ * Scan a single memory file through the defence pipeline.
+ */
+function scanMemoryFile(filePath) {
+    const findings = [];
+    let content;
+    try {
+        content = readFileSync(filePath, 'utf-8');
+    }
+    catch {
+        return findings;
+    }
+    if (!content.trim())
+        return findings;
+    // Run through the defence pipeline
+    try {
+        const result = runDefencePipeline(content, `audit:${filePath}`, AUDIT_SOURCE);
+        if (result.firewall.result === 'BLOCK') {
+            findings.push({
+                scanner: 'memory',
+                severity: 'critical',
+                title: 'Blocked content in memory file',
+                description: `Defence pipeline blocked this file: ${result.firewall.reason}`,
+                filePath,
+                matchedText: result.firewall.blockedPatterns.join(', ').slice(0, 120),
+                learnMoreUrl: LEARN_MORE,
+            });
+        }
+        else if (result.firewall.result === 'QUARANTINE') {
+            findings.push({
+                scanner: 'memory',
+                severity: 'high',
+                title: 'Suspicious content in memory file',
+                description: `Defence pipeline flagged this file for quarantine: ${result.firewall.reason}`,
+                filePath,
+                matchedText: result.firewall.blockedPatterns.join(', ').slice(0, 120),
+                learnMoreUrl: LEARN_MORE,
+            });
+        }
+        // Check for specific threat indicators
+        for (const indicator of result.firewall.threatIndicators) {
+            if (indicator === 'instruction_injection') {
+                findings.push({
+                    scanner: 'memory',
+                    severity: 'critical',
+                    title: 'Prompt injection detected in memory',
+                    description: 'This memory file contains instruction injection patterns that could hijack agent behaviour.',
+                    filePath,
+                    learnMoreUrl: LEARN_MORE,
+                });
+            }
+            else if (indicator === 'privilege_escalation') {
+                findings.push({
+                    scanner: 'memory',
+                    severity: 'high',
+                    title: 'Privilege escalation in memory',
+                    description: 'This memory file references sensitive system paths or elevated permissions.',
+                    filePath,
+                    learnMoreUrl: LEARN_MORE,
+                });
+            }
+        }
+        // Check for credential leaks in memory
+        if (result.credentialScan && result.credentialScan.findings.length > 0) {
+            for (const cf of result.credentialScan.findings) {
+                findings.push({
+                    scanner: 'memory',
+                    severity: cf.severity === 'critical' ? 'critical' : cf.severity === 'high' ? 'high' : 'medium',
+                    title: `Credential leaked in memory: ${cf.provider || cf.type}`,
+                    description: `A ${cf.type} credential was found stored in agent memory. This could be exfiltrated by a malicious prompt.`,
+                    filePath,
+                    matchedText: cf.match,
+                    learnMoreUrl: 'https://shieldcortex.ai/docs/threats/credential-leak',
+                });
+            }
+        }
+    }
+    catch {
+        // Pipeline errors shouldn't crash the audit
+    }
+    // Deduplicate findings for the same file (keep the highest severity)
+    const seen = new Set();
+    return findings.filter(f => {
+        const key = `${f.title}:${f.filePath}`;
+        if (seen.has(key))
+            return false;
+        seen.add(key);
+        return true;
+    });
+}
+/**
+ * Run the memory scanner.
+ */
+export function scanMemories() {
+    const start = Date.now();
+    const files = discoverMemoryFiles();
+    if (files.length === 0) {
+        return {
+            name: 'Memory Scanner',
+            itemsScanned: 0,
+            findings: [],
+            durationMs: Date.now() - start,
+            skipped: true,
+            skipReason: 'No AI agent memory files found',
+        };
+    }
+    const allFindings = [];
+    for (const file of files) {
+        allFindings.push(...scanMemoryFile(file));
+    }
+    return {
+        name: 'Memory Scanner',
+        itemsScanned: files.length,
+        findings: allFindings,
+        durationMs: Date.now() - start,
+    };
+}
+//# sourceMappingURL=memory-scanner.js.map

package/dist/audit/memory-scanner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"memory-scanner.js","sourceRoot":"","sources":["../../src/audit/memory-scanner.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAC;AACrE,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAE7B,OAAO,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAG5D,MAAM,UAAU,GAAG,uDAAuD,CAAC;AAE3E,uCAAuC;AACvC,MAAM,aAAa,GAAG,IAAI,GAAG,IAAI,CAAC;AAElC,6CAA6C;AAC7C,MAAM,SAAS,GAAG,GAAG,CAAC;AAEtB,gCAAgC;AAChC,MAAM,YAAY,GAAkB,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,EAAE,oBAAoB,EAAE,CAAC;AAEtF;;GAEG;AACH,SAAS,mBAAmB;IAC1B,MAAM,IAAI,GAAG,OAAO,EAAE,CAAC;IACvB,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,MAAM,SAAS,GAAG,CAAC,CAAS,EAAE,EAAE;QAC9B,IAAI,CAAC;YACH,IAAI,UAAU,CAAC,CAAC,CAAC,IAAI,QAAQ,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,IAAI,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,aAAa,EAAE,CAAC;gBAC/E,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAChB,CAAC;QACH,CAAC;QAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;IAC1B,CAAC,CAAC;IAEF,kEAAkE;IAClE,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC;QACxB,cAAc,EAAE,YAAY,EAAE,OAAO,EAAE,MAAM,EAAE,cAAc;QAC7D,YAAY,EAAE,kBAAkB,EAAE,sBAAsB;QACxD,MAAM,EAAE,MAAM,EAAE,eAAe,EAAE,kBAAkB;KACpD,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,CAAC,GAAW,EAAE,QAAkB,EAAE,QAAQ,GAAG,CAAC,EAAE,EAAE;QAChE,MAAM,IAAI,GAAG,CAAC,CAAS,EAAE,KAAa,EAAE,EAAE;YACxC,IAAI,KAAK,GAAG,QAAQ,IAAI,KAAK,CAAC,MAAM,IAAI,SAAS;gBAAE,OAAO;YAC1D,IAAI,CAAC;gBACH,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;oBAAE,OAAO;gBAC3B,MAAM,OAAO,GAAG,WAAW,CAAC,CAAC,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;gBACxD,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;oBAC5B,IAAI,KAAK,CAAC,MAAM,IAAI,SAAS;wBAAE,OAAO;oBACtC,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;oBACjC,IAAI,KAAK,CAAC,MAAM,EAAE,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;wBAC7D,IAAI,CAAC;4BACH,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,IAAI,aAAa;gCAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;wBAC7D,CAAC;wBAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;oBAC1B,CAAC;yBAAM,IAAI,KAAK,CAAC,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;wBAC5F,IAAI,CAAC,IAAI,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;oBACxB,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;QAC1B,CAAC,CAAC;QACF,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;IACf,CAAC,CAAC;IAEF,+BAA+B;IAC/B,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,UAAU,CAAC,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC;IAEzD,+BAA+B;IAC/B,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,WAAW,CAAC,CAAC,CAAC;IAE9C,sEAAsE;IACtE,iEAAiE;IAEjE,kEAAkE;IAClE,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,WAAW,CAAC,CAAC,CAAC;IACvD,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;IAChE,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,UAAU,CAAC,EAAE,CAAC,OAAO,EAAE,SAAS,CAAC,EAAE,CAAC,CAAC,CAAC;IAEpE,oCAAoC;IACpC,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,WAAW,EAAE,UAAU,CAAC,EAAE,CAAC,OAAO,EAAE,SAAS,CAAC,EAAE,CAAC,CAAC,CAAC;IACtE,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,WAAW,EAAE,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;IAElE,oCAAoC;IACpC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;IAC1B,SAAS,CAAC,IAAI,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC,CAAC;IAClC,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,EAAE,UAAU,CAAC,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC;IAExD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,QAAgB;IACtC,MAAM,QAAQ,GAAmB,EAAE,CAAC;IAEpC,IAAI,OAAe,CAAC;IACpB,IAAI,CAAC;QACH,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC5C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE;QAAE,OAAO,QAAQ,CAAC;IAErC,mCAAmC;IACnC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,kBAAkB,CAAC,OAAO,EAAE,SAAS,QAAQ,EAAE,EAAE,YAAY,CAAC,CAAC;QAE9E,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;YACvC,QAAQ,CAAC,IAAI,CAAC;gBACZ,OAAO,EAAE,QAAQ;gBACjB,QAAQ,EAAE,UAAU;gBACpB,KAAK,EAAE,gCAAgC;gBACvC,WAAW,EAAE,uCAAuC,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE;gBAC5E,QAAQ;gBACR,WAAW,EAAE,MAAM,CAAC,QAAQ,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;gBACrE,YAAY,EAAE,UAAU;aACzB,CAAC,CAAC;QACL,CAAC;aAAM,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,KAAK,YAAY,EAAE,CAAC;YACnD,QAAQ,CAAC,IAAI,CAAC;gBACZ,OAAO,EAAE,QAAQ;gBACjB,QAAQ,EAAE,MAAM;gBAChB,KAAK,EAAE,mCAAmC;gBAC1C,WAAW,EAAE,sDAAsD,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE;gBAC3F,QAAQ;gBACR,WAAW,EAAE,MAAM,CAAC,QAAQ,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;gBACrE,YAAY,EAAE,UAAU;aACzB,CAAC,CAAC;QACL,CAAC;QAED,uCAAuC;QACvC,KAAK,MAAM,SAAS,IAAI,MAAM,CAAC,QAAQ,CAAC,gBAAgB,EAAE,CAAC;YACzD,IAAI,SAAS,KAAK,uBAAuB,EAAE,CAAC;gBAC1C,QAAQ,CAAC,IAAI,CAAC;oBACZ,OAAO,EAAE,QAAQ;oBACjB,QAAQ,EAAE,UAAU;oBACpB,KAAK,EAAE,qCAAqC;oBAC5C,WAAW,EAAE,6FAA6F;oBAC1G,QAAQ;oBACR,YAAY,EAAE,UAAU;iBACzB,CAAC,CAAC;YACL,CAAC;iBAAM,IAAI,SAAS,KAAK,sBAAsB,EAAE,CAAC;gBAChD,QAAQ,CAAC,IAAI,CAAC;oBACZ,OAAO,EAAE,QAAQ;oBACjB,QAAQ,EAAE,MAAM;oBAChB,KAAK,EAAE,gCAAgC;oBACvC,WAAW,EAAE,6EAA6E;oBAC1F,QAAQ;oBACR,YAAY,EAAE,UAAU;iBACzB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,uCAAuC;QACvC,IAAI,MAAM,CAAC,cAAc,IAAI,MAAM,CAAC,cAAc,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvE,KAAK,MAAM,EAAE,IAAI,MAAM,CAAC,cAAc,CAAC,QAAQ,EAAE,CAAC;gBAChD,QAAQ,CAAC,IAAI,CAAC;oBACZ,OAAO,EAAE,QAAQ;oBACjB,QAAQ,EAAE,EAAE,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ;oBAC9F,KAAK,EAAE,gCAAgC,EAAE,CAAC,QAAQ,IAAI,EAAE,CAAC,IAAI,EAAE;oBAC/D,WAAW,EAAE,KAAK,EAAE,CAAC,IAAI,gGAAgG;oBACzH,QAAQ;oBACR,WAAW,EAAE,EAAE,CAAC,KAAK;oBACrB,YAAY,EAAE,sDAAsD;iBACrE,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,4CAA4C;IAC9C,CAAC;IAED,qEAAqE;IACrE,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,OAAO,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE;QACzB,MAAM,GAAG,GAAG,GAAG,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC;QACvC,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,OAAO,KAAK,CAAC;QAChC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACd,OAAO,IAAI,CAAC;IACd,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY;IAC1B,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACzB,MAAM,KAAK,GAAG,mBAAmB,EAAE,CAAC;IAEpC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO;YACL,IAAI,EAAE,gBAAgB;YACtB,YAAY,EAAE,CAAC;YACf,QAAQ,EAAE,EAAE;YACZ,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;YAC9B,OAAO,EAAE,IAAI;YACb,UAAU,EAAE,gCAAgC;SAC7C,CAAC;IACJ,CAAC;IAED,MAAM,WAAW,GAAmB,EAAE,CAAC;IACvC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,WAAW,CAAC,IAAI,CAAC,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC;IAC5C,CAAC;IAED,OAAO;QACL,IAAI,EAAE,gBAAgB;QACtB,YAAY,EAAE,KAAK,CAAC,MAAM;QAC1B,QAAQ,EAAE,WAAW;QACrB,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;KAC/B,CAAC;AACJ,CAAC"}

package/dist/audit/report-formatter.d.ts

@@ -0,0 +1,24 @@
+/**
+ * Report Formatter
+ *
+ * Formats the audit report for terminal output with:
+ *   - ASCII art shield header
+ *   - Security grade (A-F)
+ *   - Colour-coded findings by severity
+ *   - Summary statistics
+ *   - Markdown export mode for CI/GitHub
+ */
+import type { AuditReport } from './types.js';
+/**
+ * Format an audit report for terminal display.
+ */
+export declare function formatTerminalReport(report: AuditReport): string;
+/**
+ * Format an audit report as markdown (for GitHub PR comments).
+ */
+export declare function formatMarkdownReport(report: AuditReport): string;
+/**
+ * Format an audit report as JSON (for programmatic consumption).
+ */
+export declare function formatJsonReport(report: AuditReport): string;
+//# sourceMappingURL=report-formatter.d.ts.map

package/dist/audit/report-formatter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"report-formatter.d.ts","sourceRoot":"","sources":["../../src/audit/report-formatter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,WAAW,EAA0D,MAAM,YAAY,CAAC;AA6FtG;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,WAAW,GAAG,MAAM,CAwFhE;AAID;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,WAAW,GAAG,MAAM,CA8ChE;AAID;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,WAAW,GAAG,MAAM,CAE5D"}