shieldcortex 3.0.1 → 3.0.3

package/dist/defence/credential-leak/patterns.js

@@ -165,6 +165,62 @@ export const API_KEY_PATTERNS = [
         confidence: 0.30,
         // UUIDs are very common — only flagged as low confidence
     },
+    // Hugging Face
+    {
+        name: 'Hugging Face API Token',
+        type: 'api_key',
+        provider: 'huggingface',
+        regex: /hf_[A-Za-z0-9]{34,}/g,
+        severity: 'critical',
+        confidence: 0.96,
+    },
+    // Databricks
+    {
+        name: 'Databricks API Token',
+        type: 'api_key',
+        provider: 'databricks',
+        regex: /dapi[a-f0-9]{32,}/g,
+        severity: 'critical',
+        confidence: 0.94,
+    },
+    // DigitalOcean
+    {
+        name: 'DigitalOcean Personal Access Token',
+        type: 'api_key',
+        provider: 'digitalocean',
+        regex: /dop_v1_[a-f0-9]{64}/g,
+        severity: 'critical',
+        confidence: 0.97,
+    },
+    // Firebase Cloud Messaging
+    {
+        name: 'Firebase Cloud Messaging Key',
+        type: 'api_key',
+        provider: 'firebase',
+        regex: /AAAA[A-Za-z0-9_-]{40,}/g,
+        severity: 'critical',
+        confidence: 0.90,
+        minLength: 44,
+    },
+    // HashiCorp Vault
+    {
+        name: 'HashiCorp Vault Token',
+        type: 'api_key',
+        provider: 'hashicorp',
+        regex: /hvs\.[A-Za-z0-9_-]{24,}/g,
+        severity: 'critical',
+        confidence: 0.96,
+    },
+    // Azure Subscription Key
+    {
+        name: 'Azure Subscription Key',
+        type: 'api_key',
+        provider: 'azure',
+        regex: /[a-f0-9]{32}/g,
+        severity: 'medium',
+        confidence: 0.35,
+        minLength: 32,
+    },
 ];
 // ── Generic Secret Patterns ──
 export const GENERIC_SECRET_PATTERNS = [

package/dist/defence/firewall/encoding-detector.js

@@ -16,7 +16,7 @@ const ZERO_WIDTH_PATTERN = /[\u200B\u200C\u200D\uFEFF]/g;
 const RTL_OVERRIDE_PATTERN = /\u202E/g;
 // Unicode homoglyphs — Cyrillic characters that look like Latin
 const CYRILLIC_HOMOGLYPHS = /[\u0430\u0435\u043E\u0440\u0441\u0443\u0445\u0410\u0412\u0415\u041A\u041C\u041D\u041E\u0420\u0421\u0422\u0423\u0425]/g;
-function tryBase64Decode(str) {
+function tryBase64DecodeSingle(str) {
     try {
         const decoded = Buffer.from(str, 'base64').toString('utf-8');
         // Check if decoded result looks like readable text (mostly printable ASCII)
@@ -30,6 +30,21 @@ function tryBase64Decode(str) {
         return null;
     }
 }
+function tryBase64Decode(str, maxDepth = 3) {
+    const decoded = tryBase64DecodeSingle(str);
+    if (!decoded)
+        return null;
+    if (maxDepth > 1) {
+        const innerMatch = decoded.match(BASE64_PATTERN);
+        if (innerMatch) {
+            const innerDecoded = tryBase64Decode(innerMatch[0], maxDepth - 1);
+            if (innerDecoded) {
+                return `${decoded} → ${innerDecoded}`;
+            }
+        }
+    }
+    return decoded;
+}
 function tryHexDecode(str) {
     try {
         const hexChars = str.replace(/0x|\\x|\s/g, '');

package/dist/defence/firewall/instruction-detector.js

@@ -22,6 +22,10 @@ const PATTERN_GROUPS = [
             /^\[system\]/im,
             /^<system>/im,
             /<\/system>/i,
+            /##SYSTEM##/i,
+            /\{SYSTEM\}/i,
+            /<brain>/i,
+            /<\/brain>/i,
         ],
     },
     {
@@ -36,6 +40,9 @@ const PATTERN_GROUPS = [
             /pretend\s+to\s+be/i,
             /disregard\s+(all\s+)?(previous|above|prior)/i,
             /override\s+(previous|all|system)/i,
+            /summari[sz]e\s+your\s+system\s+prompt/i,
+            /repeat\s+your\s+instructions/i,
+            /what\s+are\s+your\s+rules/i,
         ],
     },
     {
@@ -96,6 +103,17 @@ const PATTERN_GROUPS = [
             /\b(disable|remove|bypass|turn\s+off)\s+(all\s+)?(filter|security|protection|safet)/i,
         ],
     },
+    {
+        name: 'prompt_extraction',
+        weight: 0.75,
+        patterns: [
+            /output\s+your\s+prompt/i,
+            /show\s+me\s+your\s+instructions/i,
+            /what\s+were\s+you\s+told/i,
+            /display\s+your\s+(system\s+)?prompt/i,
+            /reveal\s+your\s+instructions/i,
+        ],
+    },
 ];
 // Maximum content length to scan (prevents ReDOS on very long inputs)
 const MAX_SCAN_LENGTH = 50000;

package/dist/defence/input-sanitisation/index.js

@@ -17,7 +17,7 @@ const ZERO_WIDTH = /[\u200B\u200C\u200D\uFEFF\u2060\u180E]/g;
 /** BOM (Byte Order Mark) — can confuse parsers */
 const BOM = /^\uFEFF/;
 /** Bidirectional override characters — can visually reorder text to disguise content */
-const BIDI_OVERRIDES = /[\u202A-\u202E\u2066-\u2069]/g;
+const BIDI_OVERRIDES = /[\u200E\u200F\u202A-\u202E\u2066-\u2069]/g;
 /** Unusual Unicode separators that can break tokenisation */
 const HOMOGLYPH_SEPARATORS = /[\u2028\u2029\u00A0\u1680\u2000-\u200A\u205F\u3000]/g;
 /**
@@ -28,6 +28,8 @@ const HOMOGLYPH_SEPARATORS = /[\u2028\u2029\u00A0\u1680\u2000-\u200A\u205F\u3000
 export function sanitiseInput(content) {
     let sanitised = content;
     const strippedCategories = [];
+    // 0. Unicode NFKC normalisation — collapse combining characters to canonical forms
+    sanitised = sanitised.normalize('NFKC');
     // 1. Null bytes
     if (NULL_BYTES.test(sanitised)) {
         strippedCategories.push('null_byte');

package/dist/defence/quarantine/auto-expire.d.ts

@@ -12,3 +12,12 @@
  * @returns Number of items expired (rejected)
  */
 export declare function expireQuarantineItems(ttlDays?: number): number;
+/**
+ * Prune old reviewed quarantine items and warn on capacity issues.
+ * - Deletes approved/rejected/expired items older than 90 days
+ * - Warns if pending count exceeds 10,000
+ * - Warns if any single source has >500 pending items
+ *
+ * @returns Number of items pruned
+ */
+export declare function pruneQuarantine(retentionDays?: number): number;

package/dist/defence/quarantine/auto-expire.js

@@ -33,5 +33,44 @@ export function expireQuarantineItems(ttlDays = 7) {
     if (result.changes > 0) {
         console.error(`[quarantine] Auto-expired ${result.changes} item(s) after ${ttlDays} days`);
     }
+    // Prune old reviewed items
+    pruneQuarantine();
+    return result.changes;
+}
+/**
+ * Prune old reviewed quarantine items and warn on capacity issues.
+ * - Deletes approved/rejected/expired items older than 90 days
+ * - Warns if pending count exceeds 10,000
+ * - Warns if any single source has >500 pending items
+ *
+ * @returns Number of items pruned
+ */
+export function pruneQuarantine(retentionDays = 90) {
+    const db = getDatabase();
+    // Delete reviewed items older than retention period
+    const result = db.prepare(`
+    DELETE FROM quarantine
+    WHERE status IN ('approved', 'rejected', 'expired')
+      AND reviewed_at IS NOT NULL
+      AND reviewed_at < datetime('now', '-' || ? || ' days')
+  `).run(retentionDays);
+    if (result.changes > 0) {
+        console.error(`[quarantine] Pruned ${result.changes} reviewed item(s) older than ${retentionDays} days`);
+    }
+    // Warn on total pending count
+    const totalPending = db.prepare("SELECT COUNT(*) as count FROM quarantine WHERE status = 'pending'").get();
+    if (totalPending.count > 10000) {
+        console.error(`[quarantine] WARNING: ${totalPending.count} pending items — review or increase auto-expiry frequency`);
+    }
+    // Warn on per-source pending count
+    const hotSources = db.prepare(`
+    SELECT source_identifier, COUNT(*) as count FROM quarantine
+    WHERE status = 'pending'
+    GROUP BY source_identifier
+    HAVING count > 500
+  `).all();
+    for (const src of hotSources) {
+        console.error(`[quarantine] WARNING: Source "${src.source_identifier}" has ${src.count} pending items`);
+    }
     return result.changes;
 }

package/dist/memory/store.js

@@ -77,6 +77,18 @@ function escapeFts5Query(query) {
         .split(/\s+/)
         .filter(term => term.length > 0)
         .map(term => {
+        // Replace apostrophes with spaces — FTS5 porter unicode61 tokenizer treats
+        // apostrophes as word separators during indexing ("don't" → "don" + "t").
+        // We must split the same way so queries match the indexed tokens.
+        if (term.includes("'")) {
+            const parts = term.split("'").filter(p => p.length > 0);
+            // Recursively escape each part and join with spaces
+            return parts.map(p => {
+                if (/[^a-zA-Z0-9_]/.test(p))
+                    return `"${p.replace(/"/g, '""')}"`;
+                return p;
+            }).join(' ');
+        }
         // FTS5 boolean operators - quote them to search literally
         const upperTerm = term.toUpperCase();
         if (upperTerm === 'AND' || upperTerm === 'OR' || upperTerm === 'NOT') {
@@ -90,6 +102,7 @@ function escapeFts5Query(query) {
         }
         return term;
     })
+        .filter(Boolean)
         .join(' ');
 }
 /**

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "shieldcortex",
-  "version": "3.0.1",
+  "version": "3.0.3",
   "description": "Persistent brain for AI agents. Knowledge graphs, memory decay, contradiction detection, Iron Dome behaviour protection — plus the only defence pipeline that stops memory poisoning. Works with Claude Code, OpenClaw, LangChain, and any MCP agent.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",