shieldcortex 3.4.28 → 3.4.30

package/dist/license/cli.js

@@ -5,9 +5,15 @@
  * shieldcortex license status
  * shieldcortex license deactivate
  */
-import { activateLicense, deactivateLicense, getLicense, getLicenseFile } from './store.js';
+import { activateLicense, deactivateLicense, getLicense, getLicenseFile, getTrialStatus } from './store.js';
 import { listFeatures } from './gate.js';
 import { validateOnceNow } from './validate.js';
+import { existsSync } from 'fs';
+import { join } from 'path';
+import { homedir } from 'os';
+function getLicenseFilePath() {
+    return join(process.env.SHIELDCORTEX_CONFIG_DIR || join(homedir(), '.shieldcortex'), 'license.json');
+}
 const bold = '\x1b[1m';
 const reset = '\x1b[0m';
 const green = '\x1b[32m';
@@ -72,31 +78,53 @@ async function handleActivate(key) {
 function handleStatus() {
     const info = getLicense();
     const file = getLicenseFile();
+    const licenseFileExists = existsSync(getLicenseFilePath());
+    const trial = getTrialStatus(licenseFileExists);
     console.log(`\n${bold}ShieldCortex Licence${reset}`);
     console.log('═'.repeat(40));
-    console.log(`  Tier:       ${tierBadge(info.tier)}`);
-    if (info.tier === 'free') {
-        console.log(`\n  No licence activated.`);
-        console.log(`  Upgrade at ${cyan}https://shieldcortex.ai/pricing${reset}`);
-        console.log(`  Activate:  shieldcortex license activate <key>\n`);
-        return;
-    }
-    console.log(`  Email:      ${info.email}`);
-    if (info.expiresAt) {
-        const daysStr = info.daysUntilExpiry !== null && info.daysUntilExpiry > 0
-            ? `(${info.daysUntilExpiry} days remaining)`
-            : info.daysUntilExpiry !== null && info.daysUntilExpiry <= 0
-                ? `${red}(expired)${reset}`
-                : '';
-        console.log(`  Expires:    ${info.expiresAt.toLocaleDateString()} ${daysStr}`);
+    if (info.valid) {
+        // Paid license active — show full license info, no trial messaging
+        console.log(`  Tier:       ${tierBadge(info.tier)}`);
+        console.log(`  Email:      ${info.email}`);
+        if (info.expiresAt) {
+            const daysStr = info.daysUntilExpiry !== null && info.daysUntilExpiry > 0
+                ? `(${info.daysUntilExpiry} days remaining)`
+                : info.daysUntilExpiry !== null && info.daysUntilExpiry <= 0
+                    ? `${red}(expired)${reset}`
+                    : '';
+            console.log(`  Expires:    ${info.expiresAt.toLocaleDateString()} ${daysStr}`);
+        }
+        if (file?.lastValidatedAt) {
+            console.log(`  Validated:  ${new Date(file.lastValidatedAt).toLocaleString()}`);
+        }
+        if (file?.validationStatus) {
+            const statusColor = file.validationStatus === 'valid' ? green :
+                file.validationStatus === 'revoked' ? red : yellow;
+            console.log(`  Status:     ${statusColor}${file.validationStatus}${reset}`);
+        }
     }
-    if (file?.lastValidatedAt) {
-        console.log(`  Validated:  ${new Date(file.lastValidatedAt).toLocaleString()}`);
+    else if (trial?.active) {
+        // Trial active — no paid license
+        const expiryDate = new Date(trial.expiresAt).toLocaleDateString();
+        console.log(`  Tier:       ${tierBadge('pro')} ${dim}(trial)${reset}`);
+        console.log(`  🎁 Pro Trial: ${yellow}${trial.daysRemaining} day${trial.daysRemaining !== 1 ? 's' : ''} remaining${reset} (expires ${expiryDate})`);
+        console.log(`\n  Upgrade to keep Pro features after the trial:`);
+        console.log(`  ${cyan}https://shieldcortex.ai/pricing${reset}`);
+        console.log(`  shieldcortex license activate <key>`);
     }
-    if (file?.validationStatus) {
-        const statusColor = file.validationStatus === 'valid' ? green :
-            file.validationStatus === 'revoked' ? red : yellow;
-        console.log(`  Status:     ${statusColor}${file.validationStatus}${reset}`);
+    else {
+        // No license and no active trial
+        console.log(`  Tier:       ${tierBadge('free')}`);
+        if (trial && !trial.active) {
+            // Trial existed but expired
+            console.log(`\n  ${yellow}Pro trial expired.${reset} Upgrade at ${cyan}https://shieldcortex.ai/pricing${reset}`);
+        }
+        else {
+            console.log(`\n  No licence activated.`);
+            console.log(`  Upgrade at ${cyan}https://shieldcortex.ai/pricing${reset}`);
+        }
+        console.log(`  Activate:  shieldcortex license activate <key>\n`);
+        return;
     }
     console.log(`\n${bold}Features:${reset}`);
     const features = listFeatures();

package/dist/license/index.d.ts

@@ -1,7 +1,7 @@
 /**
  * License module — re-exports for public API and internal use.
  */
-export { getLicense, getLicenseTier, getLicenseFile, clearLicenseCache } from './store.js';
+export { getLicense, getLicenseTier, getLicenseFile, clearLicenseCache, getTrialStatus, isTrialActive, getTrialDaysRemaining } from './store.js';
 export { verifyLicenseKey, parseLicensePayload } from './verify.js';
 export { isFeatureEnabled, requireFeature, getRequiredTier, listFeatures, FeatureGatedError, } from './gate.js';
 export { scheduleOnlineValidation } from './validate.js';

package/dist/license/index.js

@@ -2,7 +2,7 @@
  * License module — re-exports for public API and internal use.
  */
 // ── Public API (exported from lib.ts) ────────────────────
-export { getLicense, getLicenseTier, getLicenseFile, clearLicenseCache } from './store.js';
+export { getLicense, getLicenseTier, getLicenseFile, clearLicenseCache, getTrialStatus, isTrialActive, getTrialDaysRemaining } from './store.js';
 export { verifyLicenseKey, parseLicensePayload } from './verify.js';
 export { isFeatureEnabled, requireFeature, getRequiredTier, listFeatures, FeatureGatedError, } from './gate.js';
 export { scheduleOnlineValidation } from './validate.js';

package/dist/license/store.d.ts

@@ -10,6 +10,8 @@
  * License is cached in memory after first read.
  */
 import type { LicenseTier, LicenseInfo, LicenseFile } from './keys.js';
+import { getTrialStatus, isTrialActive, getTrialDaysRemaining } from './trial.js';
+export { isTrialActive, getTrialDaysRemaining, getTrialStatus };
 /** Clear the in-memory cache (useful for testing or after activation). */
 export declare function clearLicenseCache(): void;
 /**
@@ -19,7 +21,8 @@ export declare function clearLicenseCache(): void;
 export declare function getLicense(): LicenseInfo;
 /**
  * Quick accessor for the current licence tier.
- * Returns 'free' if no valid licence exists.
+ * Returns 'pro' during an active trial (if no paid license is active).
+ * Returns 'free' otherwise.
  */
 export declare function getLicenseTier(): LicenseTier;
 /**

package/dist/license/store.js

@@ -13,13 +13,20 @@ import { readFileSync, writeFileSync, existsSync, unlinkSync, mkdirSync } from '
 import { join } from 'path';
 import { homedir } from 'os';
 import { verifyLicenseKey } from './verify.js';
-const CONFIG_DIR = join(homedir(), '.shieldcortex');
-const LICENSE_FILE = join(CONFIG_DIR, 'license.json');
+import { getTrialStatus, isTrialActive, getTrialDaysRemaining, clearTrialCache, } from './trial.js';
+export { isTrialActive, getTrialDaysRemaining, getTrialStatus };
+function getConfigDir() {
+    return process.env.SHIELDCORTEX_CONFIG_DIR || join(homedir(), '.shieldcortex');
+}
+function getLicenseFilePath() {
+    return join(getConfigDir(), 'license.json');
+}
 // ── Cache ────────────────────────────────────────────────
 let cachedLicense = null;
 /** Clear the in-memory cache (useful for testing or after activation). */
 export function clearLicenseCache() {
     cachedLicense = null;
+    clearTrialCache();
 }
 // ── Read ─────────────────────────────────────────────────
 /**
@@ -39,11 +46,12 @@ export function getLicense() {
         subscriptionId: null,
     };
     try {
-        if (!existsSync(LICENSE_FILE)) {
+        const licenseFile = getLicenseFilePath();
+        if (!existsSync(licenseFile)) {
             cachedLicense = FREE;
             return FREE;
         }
-        const raw = JSON.parse(readFileSync(LICENSE_FILE, 'utf-8'));
+        const raw = JSON.parse(readFileSync(licenseFile, 'utf-8'));
         if (!raw.key) {
             cachedLicense = FREE;
             return FREE;
@@ -68,10 +76,19 @@ export function getLicense() {
 }
 /**
  * Quick accessor for the current licence tier.
- * Returns 'free' if no valid licence exists.
+ * Returns 'pro' during an active trial (if no paid license is active).
+ * Returns 'free' otherwise.
  */
 export function getLicenseTier() {
-    return getLicense().tier;
+    const license = getLicense();
+    // Paid license takes priority — trial is irrelevant
+    if (license.valid)
+        return license.tier;
+    // No paid license: check if trial is active
+    const licenseFileExists = existsSync(getLicenseFilePath());
+    if (isTrialActive(licenseFileExists))
+        return 'pro';
+    return license.tier; // 'free'
 }
 /**
  * Read the raw license file data (for status display).
@@ -79,9 +96,10 @@ export function getLicenseTier() {
  */
 export function getLicenseFile() {
     try {
-        if (!existsSync(LICENSE_FILE))
+        const licenseFile = getLicenseFilePath();
+        if (!existsSync(licenseFile))
             return null;
-        return JSON.parse(readFileSync(LICENSE_FILE, 'utf-8'));
+        return JSON.parse(readFileSync(licenseFile, 'utf-8'));
     }
     catch {
         return null;
@@ -104,8 +122,10 @@ export function activateLicense(key) {
         lastValidatedAt: null,
         validationStatus: 'unvalidated',
     };
-    mkdirSync(CONFIG_DIR, { recursive: true });
-    writeFileSync(LICENSE_FILE, JSON.stringify(file, null, 2) + '\n', { mode: 0o600 });
+    const configDir = getConfigDir();
+    const licenseFile = getLicenseFilePath();
+    mkdirSync(configDir, { recursive: true });
+    writeFileSync(licenseFile, JSON.stringify(file, null, 2) + '\n', { mode: 0o600 });
     // Invalidate cache
     cachedLicense = info;
     return info;
@@ -115,14 +135,16 @@ export function activateLicense(key) {
  */
 export function deactivateLicense() {
     try {
-        if (existsSync(LICENSE_FILE)) {
-            unlinkSync(LICENSE_FILE);
+        const licenseFile = getLicenseFilePath();
+        if (existsSync(licenseFile)) {
+            unlinkSync(licenseFile);
         }
     }
     catch {
         // Best effort
     }
     cachedLicense = null;
+    clearTrialCache();
 }
 /**
  * Update the validation status and timestamp in the license file.
@@ -130,12 +152,13 @@ export function deactivateLicense() {
  */
 export function updateValidationStatus(status) {
     try {
-        if (!existsSync(LICENSE_FILE))
+        const licenseFile = getLicenseFilePath();
+        if (!existsSync(licenseFile))
             return;
-        const raw = JSON.parse(readFileSync(LICENSE_FILE, 'utf-8'));
+        const raw = JSON.parse(readFileSync(licenseFile, 'utf-8'));
         raw.validationStatus = status;
         raw.lastValidatedAt = new Date().toISOString();
-        writeFileSync(LICENSE_FILE, JSON.stringify(raw, null, 2) + '\n', { mode: 0o600 });
+        writeFileSync(licenseFile, JSON.stringify(raw, null, 2) + '\n', { mode: 0o600 });
         // If revoked or expired, invalidate cache so next getLicense() re-verifies
         if (status === 'revoked' || status === 'expired') {
             cachedLicense = null;

package/dist/license/trial.d.ts

@@ -0,0 +1,48 @@
+/**
+ * 14-day Pro trial — auto-granted on first install, no signup required.
+ *
+ * Trial state is stored in ~/.shieldcortex/trial.json.
+ * It is NEVER reset on reinstall (file persists across npm updates).
+ * An active paid license always takes priority over the trial.
+ */
+export interface TrialFile {
+    startedAt: string;
+    durationDays: number;
+    acknowledged: boolean;
+}
+export interface TrialStatus {
+    active: boolean;
+    daysRemaining: number;
+    startedAt: string;
+    expiresAt: string;
+    justCreated: boolean;
+}
+/** Clear the in-memory trial cache (useful for testing). */
+export declare function clearTrialCache(): void;
+/**
+ * Read (and lazily create) the trial state.
+ *
+ * - If `trial.json` already exists: read and return its status.
+ * - If `trial.json` does NOT exist AND `license.json` does NOT exist: create it now (first install).
+ * - If `trial.json` does NOT exist AND `license.json` DOES exist: don't create — user already has a paid license.
+ * - Returns null if no trial applies.
+ *
+ * Pass `licenseFileExists` to avoid a second disk read inside store.ts.
+ */
+export declare function getTrialStatus(licenseFileExists: boolean): TrialStatus | null;
+/**
+ * Whether a trial is currently active (Pro features unlocked by trial).
+ * Only returns true when no paid license is in effect — callers should
+ * check the license first and only fall back to this.
+ */
+export declare function isTrialActive(licenseFileExists: boolean): boolean;
+/**
+ * Days remaining in the trial (0 if expired or no trial).
+ */
+export declare function getTrialDaysRemaining(licenseFileExists: boolean): number;
+/**
+ * Mark the welcome message as acknowledged (suppress on subsequent runs).
+ */
+export declare function acknowledgeTrialWelcome(): void;
+/** Exposed for tests — returns the full trial file path */
+export declare function getTrialFilePath(): string;

package/dist/license/trial.js

@@ -0,0 +1,128 @@
+/**
+ * 14-day Pro trial — auto-granted on first install, no signup required.
+ *
+ * Trial state is stored in ~/.shieldcortex/trial.json.
+ * It is NEVER reset on reinstall (file persists across npm updates).
+ * An active paid license always takes priority over the trial.
+ */
+import { readFileSync, writeFileSync, existsSync, mkdirSync } from 'fs';
+import { join } from 'path';
+import { homedir } from 'os';
+const TRIAL_DURATION_DAYS = 14;
+// ── Cache ────────────────────────────────────────────────
+let cachedTrial = undefined; // undefined = not loaded yet
+function getConfigDir() {
+    return process.env.SHIELDCORTEX_CONFIG_DIR || join(homedir(), '.shieldcortex');
+}
+function getTrialFile() {
+    return join(getConfigDir(), 'trial.json');
+}
+/** Clear the in-memory trial cache (useful for testing). */
+export function clearTrialCache() {
+    cachedTrial = undefined;
+}
+// ── Helpers ──────────────────────────────────────────────
+function computeStatus(data, justCreated = false) {
+    const startMs = new Date(data.startedAt).getTime();
+    const expiryMs = startMs + data.durationDays * 24 * 60 * 60 * 1000;
+    const nowMs = Date.now();
+    const msRemaining = expiryMs - nowMs;
+    const daysRemaining = Math.max(0, Math.ceil(msRemaining / (24 * 60 * 60 * 1000)));
+    return {
+        active: nowMs < expiryMs,
+        daysRemaining,
+        startedAt: data.startedAt,
+        expiresAt: new Date(expiryMs).toISOString(),
+        justCreated,
+    };
+}
+// ── Public API ────────────────────────────────────────────
+/**
+ * Read (and lazily create) the trial state.
+ *
+ * - If `trial.json` already exists: read and return its status.
+ * - If `trial.json` does NOT exist AND `license.json` does NOT exist: create it now (first install).
+ * - If `trial.json` does NOT exist AND `license.json` DOES exist: don't create — user already has a paid license.
+ * - Returns null if no trial applies.
+ *
+ * Pass `licenseFileExists` to avoid a second disk read inside store.ts.
+ */
+export function getTrialStatus(licenseFileExists) {
+    // Skip trial if env var set (useful for tests and CI)
+    if (process.env.SHIELDCORTEX_SKIP_TRIAL === '1')
+        return null;
+    if (cachedTrial !== undefined)
+        return cachedTrial;
+    try {
+        const trialFile = getTrialFile();
+        if (existsSync(trialFile)) {
+            const data = JSON.parse(readFileSync(trialFile, 'utf-8'));
+            // Return full status whether active or expired — callers use status.active to distinguish.
+            // Only return null when no trial file exists at all.
+            const status = computeStatus(data, false);
+            cachedTrial = status;
+            return cachedTrial;
+        }
+        // No trial file — only create on first install (no license either)
+        if (licenseFileExists) {
+            cachedTrial = null;
+            return null;
+        }
+        // First run — create the trial file
+        mkdirSync(getConfigDir(), { recursive: true });
+        const now = new Date().toISOString();
+        const trialData = {
+            startedAt: now,
+            durationDays: TRIAL_DURATION_DAYS,
+            acknowledged: false,
+        };
+        writeFileSync(trialFile, JSON.stringify(trialData, null, 2) + '\n', { mode: 0o600 });
+        const status = computeStatus(trialData, true);
+        cachedTrial = status; // always active on creation
+        return cachedTrial;
+    }
+    catch {
+        cachedTrial = null;
+        return null;
+    }
+}
+/**
+ * Whether a trial is currently active (Pro features unlocked by trial).
+ * Only returns true when no paid license is in effect — callers should
+ * check the license first and only fall back to this.
+ */
+export function isTrialActive(licenseFileExists) {
+    return getTrialStatus(licenseFileExists)?.active === true;
+}
+/**
+ * Days remaining in the trial (0 if expired or no trial).
+ */
+export function getTrialDaysRemaining(licenseFileExists) {
+    return getTrialStatus(licenseFileExists)?.daysRemaining ?? 0;
+}
+/**
+ * Mark the welcome message as acknowledged (suppress on subsequent runs).
+ */
+export function acknowledgeTrialWelcome() {
+    try {
+        const trialFile = getTrialFile();
+        if (!existsSync(trialFile))
+            return;
+        const data = JSON.parse(readFileSync(trialFile, 'utf-8'));
+        if (!data.acknowledged) {
+            data.acknowledged = true;
+            writeFileSync(trialFile, JSON.stringify(data, null, 2) + '\n', { mode: 0o600 });
+        }
+        // Update cache
+        if (cachedTrial) {
+            cachedTrial = { ...cachedTrial, justCreated: false };
+        }
+    }
+    catch {
+        // Best effort
+    }
+}
+/** Exposed for tests — returns the full trial file path */
+export function getTrialFilePath() {
+    return getTrialFile();
+}

package/dist/server.js

@@ -20,7 +20,7 @@ import { getHighPriorityMemories, getRecentMemories, getRelatedMemories, createM
 import { detectContradictions } from './memory/contradiction.js';
 import { handleGraphQuery, handleGraphEntities, handleGraphExplain } from './tools/graph.js';
 import { checkDatabaseSize } from './database/init.js';
-import { queryAuditLogs, getAuditStats } from './defence/audit/index.js';
+import { queryAuditLogs, getAuditStats, getLifetimeStats } from './defence/audit/index.js';
 import { scanExistingMemories } from './defence/scanner/index.js';
 import { resolveSource } from './defence/trust/env-detector.js';
 import { logAudit } from './defence/audit/logger.js';
@@ -614,16 +614,34 @@ but you can use this tool to check for new contradictions at any time.`, {
         timeRange: z.enum(['24h', '7d', '30d']).default('24h'),
     }, { title: 'Defence Statistics', readOnlyHint: true, destructiveHint: false, idempotentHint: true }, async (args) => {
         const stats = getAuditStats(args.timeRange);
+        const fmt = new Intl.NumberFormat('en-US');
+        const n = (v) => fmt.format(v);
         const lines = [
-            `Defence Stats (${args.timeRange}):`,
-            `  Total operations: ${stats.totalOperations}`,
-            `  Allowed: ${stats.allowedCount}`,
-            `  Blocked: ${stats.blockedCount}`,
-            `  Quarantined: ${stats.quarantinedCount}`,
-            `  Top sources: ${stats.topSources.map(s => `${s.source}(${s.count})`).join(', ') || 'none'}`,
+            `🛡️  ShieldCortex Defence Stats (${args.timeRange})`,
+            `${'─'.repeat(36)}`,
+            `  Total operations:  ${n(stats.totalOperations)}`,
+            `  Allowed:           ${n(stats.allowedCount)}`,
+            `  Blocked:           ${n(stats.blockedCount)}`,
+            `  Quarantined:       ${n(stats.quarantinedCount)}`,
+            `  Top sources:       ${stats.topSources.map(s => `${s.source}(${n(s.count)})`).join(', ') || 'none'}`,
         ];
         if (Object.keys(stats.threatBreakdown).length > 0) {
-            lines.push(`  Threats: ${Object.entries(stats.threatBreakdown).map(([k, v]) => `${k}:${v}`).join(', ')}`);
+            lines.push(`  Threat types:      ${Object.entries(stats.threatBreakdown).map(([k, v]) => `${k}:${n(v)}`).join(', ')}`);
+        }
+        // Append lifetime totals
+        try {
+            const lifetime = getLifetimeStats();
+            lines.push('');
+            lines.push(`All-Time Totals`);
+            lines.push(`${'─'.repeat(36)}`);
+            lines.push(`  Total scans:        ${n(lifetime.totalScans)}`);
+            lines.push(`  Threats blocked:    ${n(lifetime.threatsBlocked)}`);
+            lines.push(`  Quarantined:        ${n(lifetime.quarantined)}`);
+            lines.push(`  Credential leaks:   ${n(lifetime.credentialLeaks)}`);
+            lines.push(`  Memories protected: ${n(lifetime.memoriesProtected)}`);
+        }
+        catch {
+            // Lifetime stats unavailable — not a problem
         }
         return { content: [{ type: 'text', text: lines.join('\n') }] };
     });

package/dist/setup/openclaw.js

@@ -233,15 +233,28 @@ function cleanupLegacyPlugin() {
     try {
         const raw = fs.readFileSync(configPath, 'utf-8');
         const config = JSON.parse(raw);
-        if (!config.plugins?.entries?.['shieldcortex-realtime'])
-            return;
-        delete config.plugins.entries['shieldcortex-realtime'];
-        if (Object.keys(config.plugins.entries).length === 0)
-            delete config.plugins.entries;
+        let changed = false;
+        // Remove legacy entries (old format before native installs)
+        if (config.plugins?.entries?.['shieldcortex-realtime']) {
+            delete config.plugins.entries['shieldcortex-realtime'];
+            if (Object.keys(config.plugins.entries).length === 0)
+                delete config.plugins.entries;
+            changed = true;
+        }
+        // Remove stale full-path entries from plugins.allow
+        // (pre-v2026.3 format used raw file paths instead of plugin IDs)
+        if (Array.isArray(config.plugins?.allow)) {
+            const before = config.plugins.allow.length;
+            config.plugins.allow = config.plugins.allow.filter((e) => !e.includes(PLUGIN_DIR_NAME) || e === PLUGIN_DIR_NAME);
+            if (config.plugins.allow.length < before)
+                changed = true;
+        }
         if (config.plugins && Object.keys(config.plugins).length === 0)
             delete config.plugins;
-        fs.writeFileSync(configPath, JSON.stringify(config, null, 2) + '\n', 'utf-8');
-        console.log('Cleaned up legacy plugin entry from openclaw.json');
+        if (changed) {
+            fs.writeFileSync(configPath, JSON.stringify(config, null, 2) + '\n', 'utf-8');
+            console.log('Cleaned up legacy plugin entries from openclaw.json');
+        }
     }
     catch {
         // Non-critical — don't fail the install
@@ -250,9 +263,10 @@ function cleanupLegacyPlugin() {
 function openClawConfigPath() {
     return path.join(resolveUserHome(), '.openclaw', 'openclaw.json');
 }
-function trustLocalPlugin(indexPath) {
+function trustLocalPlugin(installDir, version) {
     const configPath = openClawConfigPath();
     const configDir = path.dirname(configPath);
+    const pluginId = PLUGIN_DIR_NAME; // "shieldcortex-realtime"
     try {
         if (!fs.existsSync(configDir)) {
             fs.mkdirSync(configDir, { recursive: true });
@@ -263,12 +277,33 @@ function trustLocalPlugin(indexPath) {
         const allow = Array.isArray(plugins.allow)
             ? (plugins.allow ?? [])
             : [];
-        if (!allow.includes(indexPath)) {
-            allow.push(indexPath);
+        // Remove any stale full-path entries for this plugin
+        const cleaned = allow.filter((e) => !e.includes(PLUGIN_DIR_NAME) || e === pluginId);
+        if (!cleaned.includes(pluginId)) {
+            cleaned.push(pluginId);
+        }
+        // Add installs entry so OpenClaw recognises the plugin
+        const installs = typeof plugins.installs === 'object' && plugins.installs !== null
+            ? plugins.installs
+            : {};
+        installs[pluginId] = {
+            source: 'local',
+            installPath: installDir,
+            version,
+            installedAt: new Date().toISOString(),
+        };
+        // Add entries to enable the plugin
+        const entries = typeof plugins.entries === 'object' && plugins.entries !== null
+            ? plugins.entries
+            : {};
+        if (!entries[pluginId]) {
+            entries[pluginId] = { enabled: true };
         }
         config.plugins = {
             ...plugins,
-            allow,
+            allow: cleaned,
+            installs,
+            entries,
         };
         fs.writeFileSync(configPath, JSON.stringify(config, null, 2) + '\n', 'utf-8');
         return true;
@@ -383,13 +418,27 @@ function installPlugin() {
         catch {
             console.warn(`  Warning: ${indexDest} copied but not readable`);
         }
-        if (trustLocalPlugin(indexDest)) {
-            console.log('Trusted local OpenClaw plugin path via plugins.allow');
+        // Read plugin version from manifest
+        let pluginVersion = 'unknown';
+        try {
+            const manifest = JSON.parse(fs.readFileSync(path.join(destDir, 'openclaw.plugin.json'), 'utf-8'));
+            pluginVersion = manifest.version ?? pluginVersion;
+        }
+        catch {
+            // Fall back to package.json version
+            try {
+                const pkg = JSON.parse(fs.readFileSync(path.join(packageRoot, 'package.json'), 'utf-8'));
+                pluginVersion = pkg.version ?? pluginVersion;
+            }
+            catch { /* keep "unknown" */ }
+        }
+        if (trustLocalPlugin(destDir, pluginVersion)) {
+            console.log('Registered plugin in OpenClaw config (plugins.allow + installs)');
             console.log(`Installed real-time plugin to ${destDir}`);
             return 'trusted-local-copy';
         }
         else {
-            console.warn('  Warning: Could not pin copied plugin path in OpenClaw plugins.allow');
+            console.warn('  Warning: Could not register plugin in OpenClaw config');
             console.log(`Installed real-time plugin to ${destDir}`);
             return 'untrusted-local-copy';
         }
@@ -421,10 +470,18 @@ function uninstallPlugin() {
         if (fs.existsSync(configPath)) {
             const raw = fs.readFileSync(configPath, 'utf-8');
             const config = JSON.parse(raw);
+            const pluginId = PLUGIN_DIR_NAME;
             if (Array.isArray(config.plugins?.allow)) {
-                config.plugins.allow = config.plugins.allow.filter((entry) => entry !== indexPath);
-                fs.writeFileSync(configPath, JSON.stringify(config, null, 2) + '\n', 'utf-8');
+                // Remove both old file-path entries and new short-name entries
+                config.plugins.allow = config.plugins.allow.filter((entry) => !entry.includes(pluginId));
+            }
+            if (config.plugins?.installs?.[pluginId]) {
+                delete config.plugins.installs[pluginId];
+            }
+            if (config.plugins?.entries?.[pluginId]) {
+                delete config.plugins.entries[pluginId];
             }
+            fs.writeFileSync(configPath, JSON.stringify(config, null, 2) + '\n', 'utf-8');
         }
         fs.rmSync(destDir, { recursive: true });
         console.log(`Removed real-time plugin from ${destDir}`);
@@ -457,7 +514,8 @@ function localPluginTrustStatus(pluginPath) {
         return 'unknown';
     try {
         const config = JSON.parse(fs.readFileSync(configPath, 'utf-8'));
-        if (Array.isArray(config.plugins?.allow) && config.plugins.allow.includes(indexPath)) {
+        const allow = config.plugins?.allow;
+        if (Array.isArray(allow) && (allow.includes(PLUGIN_DIR_NAME) || allow.includes(indexPath))) {
             return 'trusted';
         }
         return 'untrusted';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "shieldcortex",
-  "version": "3.4.28",
+  "version": "3.4.30",
   "description": "Trustworthy memory and security for AI agents. Recall debugging, review queue, OpenClaw session capture, and memory poisoning defence for Claude Code, Codex, OpenClaw, LangChain, and MCP agents.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",