shieldcortex 3.4.29 → 3.4.31

package/dashboard/.next/standalone/node_modules/@img/{sharp-darwin-arm64 → sharp-linux-x64}/package.json

@@ -1,13 +1,13 @@
 {
-  "name": "@img/sharp-darwin-arm64",
+  "name": "@img/sharp-linux-x64",
   "version": "0.34.5",
-  "description": "Prebuilt sharp for use with macOS 64-bit ARM",
+  "description": "Prebuilt sharp for use with Linux (glibc) x64",
   "author": "Lovell Fuller <npm@lovell.info>",
   "homepage": "https://sharp.pixelplumbing.com",
   "repository": {
     "type": "git",
     "url": "git+https://github.com/lovell/sharp.git",
-    "directory": "npm/darwin-arm64"
+    "directory": "npm/linux-x64"
   },
   "license": "Apache-2.0",
   "funding": {
@@ -15,7 +15,7 @@
   },
   "preferUnplugged": true,
   "optionalDependencies": {
-    "@img/sharp-libvips-darwin-arm64": "1.2.4"
+    "@img/sharp-libvips-linux-x64": "1.2.4"
   },
   "files": [
     "lib"
@@ -25,16 +25,22 @@
   },
   "type": "commonjs",
   "exports": {
-    "./sharp.node": "./lib/sharp-darwin-arm64.node",
+    "./sharp.node": "./lib/sharp-linux-x64.node",
     "./package": "./package.json"
   },
   "engines": {
     "node": "^18.17.0 || ^20.3.0 || >=21.0.0"
   },
+  "config": {
+    "glibc": ">=2.26"
+  },
   "os": [
-    "darwin"
+    "linux"
+  ],
+  "libc": [
+    "glibc"
   ],
   "cpu": [
-    "arm64"
+    "x64"
   ]
 }

package/dashboard/.next/standalone/node_modules/@img/sharp-linuxmusl-x64/package.json

@@ -0,0 +1,46 @@
+{
+  "name": "@img/sharp-linuxmusl-x64",
+  "version": "0.34.5",
+  "description": "Prebuilt sharp for use with Linux (musl) x64",
+  "author": "Lovell Fuller <npm@lovell.info>",
+  "homepage": "https://sharp.pixelplumbing.com",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/lovell/sharp.git",
+    "directory": "npm/linuxmusl-x64"
+  },
+  "license": "Apache-2.0",
+  "funding": {
+    "url": "https://opencollective.com/libvips"
+  },
+  "preferUnplugged": true,
+  "optionalDependencies": {
+    "@img/sharp-libvips-linuxmusl-x64": "1.2.4"
+  },
+  "files": [
+    "lib"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "type": "commonjs",
+  "exports": {
+    "./sharp.node": "./lib/sharp-linuxmusl-x64.node",
+    "./package": "./package.json"
+  },
+  "engines": {
+    "node": "^18.17.0 || ^20.3.0 || >=21.0.0"
+  },
+  "config": {
+    "musl": ">=1.2.2"
+  },
+  "os": [
+    "linux"
+  ],
+  "libc": [
+    "musl"
+  ],
+  "cpu": [
+    "x64"
+  ]
+}

package/dist/api/routes/system.js

@@ -1,4 +1,7 @@
 import { WebSocket } from 'ws';
+import { getLifetimeStats } from '../../defence/audit/queries.js';
+import { getAuditStats } from '../../defence/audit/queries.js';
+import { isDatabaseInitialized } from '../../database/init.js';
 import { getCloudConfig, getCloudSyncControls, getDeviceId, getDeviceName, getDefenceMode, getOpenClawMemoryConfig, isConfigTampered, readRawConfig, setCloudConfig, setCloudSyncControls, setDefenceMode, setOpenClawMemoryConfig, } from '../../cloud/config.js';
 import { getQueueStats } from '../../cloud/sync-queue.js';
 import { getDatabase } from '../../database/init.js';
@@ -25,10 +28,42 @@ export function registerSystemRoutes(app, deps) {
                     expiresAt: trial.expiresAt.slice(0, 10), // YYYY-MM-DD
                 }
                 : null;
+            // Stats (best effort — never fail the status endpoint)
+            let stats = null;
+            try {
+                if (isDatabaseInitialized()) {
+                    const lifetime = getLifetimeStats();
+                    const h24 = getAuditStats('24h');
+                    const d7 = getAuditStats('7d');
+                    stats = {
+                        lifetime: {
+                            totalScans: lifetime.totalScans,
+                            threatsBlocked: lifetime.threatsBlocked,
+                            quarantined: lifetime.quarantined,
+                            credentialLeaks: lifetime.credentialLeaks,
+                            memoriesProtected: lifetime.memoriesProtected,
+                        },
+                        last24h: {
+                            totalScans: h24.totalOperations,
+                            blocked: h24.blockedCount,
+                            quarantined: h24.quarantinedCount,
+                        },
+                        last7d: {
+                            totalScans: d7.totalOperations,
+                            blocked: d7.blockedCount,
+                            quarantined: d7.quarantinedCount,
+                        },
+                    };
+                }
+            }
+            catch {
+                // Stats unavailable — still return the rest of the status
+            }
             res.json({
                 tier: license.valid ? license.tier : (trial?.active ? 'pro' : 'free'),
                 licenseValid: license.valid,
                 trial: trialInfo,
+                ...(stats ? { stats } : {}),
             });
         }
         catch (error) {

package/dist/cli/stats-banner.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Stats banner — compact one-liner showing what ShieldCortex has protected
+ */
+import type { LifetimeStats } from '../defence/audit/queries.js';
+export declare function formatStatsBanner(stats: LifetimeStats): string | null;
+export declare function printStatsBanner(): Promise<void>;

package/dist/cli/stats-banner.js

@@ -0,0 +1,48 @@
+/**
+ * Stats banner — compact one-liner showing what ShieldCortex has protected
+ */
+const fmt = new Intl.NumberFormat('en-US');
+function n(num) {
+    return fmt.format(num);
+}
+const GREEN = '\x1b[32m';
+const DIM = '\x1b[2m';
+const BOLD = '\x1b[1m';
+const RESET = '\x1b[0m';
+export function formatStatsBanner(stats) {
+    // Nothing to show on a fresh install
+    if (stats.totalScans === 0)
+        return null;
+    const parts = [];
+    if (stats.threatsBlocked > 0 || stats.quarantined > 0) {
+        const blocked = stats.threatsBlocked + stats.quarantined;
+        parts.push(`${GREEN}${BOLD}${n(blocked)}${RESET}${DIM} threats blocked${RESET}`);
+    }
+    if (stats.credentialLeaks > 0) {
+        parts.push(`${GREEN}${BOLD}${n(stats.credentialLeaks)}${RESET}${DIM} credential leak${stats.credentialLeaks !== 1 ? 's' : ''} caught${RESET}`);
+    }
+    if (stats.memoriesProtected > 0) {
+        parts.push(`${GREEN}${BOLD}${n(stats.memoriesProtected)}${RESET}${DIM} memories scanned${RESET}`);
+    }
+    if (parts.length === 0) {
+        // Scans happened but nothing notable — show scan count
+        parts.push(`${GREEN}${BOLD}${n(stats.totalScans)}${RESET}${DIM} scans completed${RESET}`);
+    }
+    return `🛡️  ShieldCortex: ${parts.join(`${DIM} · ${RESET}`)}`;
+}
+export async function printStatsBanner() {
+    try {
+        const { isDatabaseInitialized } = await import('../database/init.js');
+        if (!isDatabaseInitialized())
+            return;
+        const { getLifetimeStats } = await import('../defence/audit/queries.js');
+        const stats = getLifetimeStats();
+        const banner = formatStatsBanner(stats);
+        if (banner) {
+            console.error(banner); // stderr so MCP stdout stays clean
+        }
+    }
+    catch {
+        // Never crash startup
+    }
+}

package/dist/cli/stats-command.d.ts

@@ -0,0 +1,4 @@
+/**
+ * shieldcortex stats — detailed security report
+ */
+export declare function runStatsCommand(): Promise<void>;

package/dist/cli/stats-command.js

@@ -0,0 +1,83 @@
+/**
+ * shieldcortex stats — detailed security report
+ */
+import { isDatabaseInitialized } from '../database/init.js';
+import { getLifetimeStats } from '../defence/audit/queries.js';
+import { getAuditStats } from '../defence/audit/queries.js';
+import { getLicense } from '../license/store.js';
+import { getTrialStatus } from '../license/trial.js';
+import { existsSync } from 'fs';
+import { join } from 'path';
+import { homedir } from 'os';
+const fmt = new Intl.NumberFormat('en-US');
+function n(num) {
+    return fmt.format(num);
+}
+const BOLD = '\x1b[1m';
+const DIM = '\x1b[2m';
+const GREEN = '\x1b[32m';
+const CYAN = '\x1b[36m';
+const RESET = '\x1b[0m';
+function row(label, value, width = 36) {
+    const l = label + ':';
+    const v = typeof value === 'number' ? n(value) : value;
+    return `  ${l.padEnd(width - v.toString().length - 2)}${GREEN}${v}${RESET}`;
+}
+function section(title) {
+    return `\n  ${BOLD}${title}${RESET}\n  ${'─'.repeat(34)}`;
+}
+export async function runStatsCommand() {
+    if (!isDatabaseInitialized()) {
+        // Try to init the default db first
+        try {
+            const { initDatabase } = await import('../database/init.js');
+            const dbPath = process.env.CLAUDE_MEMORY_DB || join(homedir(), '.shieldcortex', 'memories.db');
+            initDatabase(dbPath);
+        }
+        catch {
+            console.log(`\n  No database found. Run ShieldCortex first to start collecting stats.\n`);
+            return;
+        }
+    }
+    try {
+        const lifetime = getLifetimeStats();
+        const last24h = getAuditStats('24h');
+        const last7d = getAuditStats('7d');
+        const licenseFile = join(homedir(), '.shieldcortex', 'license.json');
+        const license = getLicense();
+        const trial = getTrialStatus(existsSync(licenseFile));
+        const tier = license.valid ? license.tier : (trial?.active ? 'pro (trial)' : 'free');
+        console.log(`\n  ${BOLD}🛡️  ShieldCortex Security Report${RESET}  ${DIM}[${tier}]${RESET}`);
+        console.log(section('All Time'));
+        console.log(row('Total scans', lifetime.totalScans));
+        console.log(row('Threats blocked', lifetime.threatsBlocked));
+        console.log(row('Quarantined', lifetime.quarantined));
+        console.log(row('Credential leaks', lifetime.credentialLeaks));
+        console.log(row('Memories protected', lifetime.memoriesProtected));
+        console.log(section('Last 24 Hours'));
+        console.log(row('Scans', last24h.totalOperations));
+        console.log(row('Blocked', last24h.blockedCount));
+        console.log(row('Quarantined', last24h.quarantinedCount));
+        console.log(section('Last 7 Days'));
+        console.log(row('Scans', last7d.totalOperations));
+        console.log(row('Blocked', last7d.blockedCount));
+        console.log(row('Quarantined', last7d.quarantinedCount));
+        const threats = last7d.threatBreakdown;
+        const threatEntries = Object.entries(threats).sort((a, b) => b[1] - a[1]).slice(0, 5);
+        if (threatEntries.length > 0) {
+            console.log(section('Top Threat Types (7d)'));
+            for (const [type, count] of threatEntries) {
+                console.log(row(type, count));
+            }
+        }
+        const isPro = license.valid || trial?.active;
+        if (!isPro) {
+            console.log(`\n  ${DIM}Upgrade to Pro for custom detection patterns.${RESET}`);
+            console.log(`  ${CYAN}https://shieldcortex.ai/pricing${RESET}`);
+        }
+        console.log();
+    }
+    catch (err) {
+        console.error('  Failed to load stats:', err.message);
+    }
+}

package/dist/defence/audit/index.d.ts

@@ -1,3 +1,3 @@
 export { logAudit, createContentHash } from './logger.js';
-export { queryAuditLogs, getAuditStats, queryAgentRegistry, queryAgentTimeline, queryAgentOperations } from './queries.js';
-export type { AuditQueryOptions, AuditStats, AgentInfo, AgentTimelinePoint } from './queries.js';
+export { queryAuditLogs, getAuditStats, getLifetimeStats, queryAgentRegistry, queryAgentTimeline, queryAgentOperations } from './queries.js';
+export type { AuditQueryOptions, AuditStats, LifetimeStats, AgentInfo, AgentTimelinePoint } from './queries.js';

package/dist/defence/audit/index.js

@@ -1,2 +1,2 @@
 export { logAudit, createContentHash } from './logger.js';
-export { queryAuditLogs, getAuditStats, queryAgentRegistry, queryAgentTimeline, queryAgentOperations } from './queries.js';
+export { queryAuditLogs, getAuditStats, getLifetimeStats, queryAgentRegistry, queryAgentTimeline, queryAgentOperations } from './queries.js';

package/dist/defence/audit/queries.d.ts

@@ -68,6 +68,18 @@ export declare function queryAuditLogs(options?: AuditQueryOptions): AuditEntry[
  * Get aggregate audit statistics for a time range.
  */
 export declare function getAuditStats(timeRange: '24h' | '7d' | '30d', project?: string): AuditStats;
+export interface LifetimeStats {
+    totalScans: number;
+    threatsBlocked: number;
+    quarantined: number;
+    credentialLeaks: number;
+    memoriesProtected: number;
+}
+/**
+ * Get all-time aggregate stats from the defence_audit table.
+ * Fast COUNT-only queries — no heavy computation.
+ */
+export declare function getLifetimeStats(): LifetimeStats;
 /**
  * Get distinct agents aggregated from audit logs.
  */

package/dist/defence/audit/queries.js

@@ -106,6 +106,46 @@ export function getAuditStats(timeRange, project) {
         threatBreakdown,
     };
 }
+/**
+ * Get all-time aggregate stats from the defence_audit table.
+ * Fast COUNT-only queries — no heavy computation.
+ */
+export function getLifetimeStats() {
+    const db = getDatabase();
+    // Counts by firewall result
+    const counts = db.prepare(`
+    SELECT firewall_result, COUNT(*) as cnt
+    FROM defence_audit
+    GROUP BY firewall_result
+  `).all();
+    let totalScans = 0;
+    let threatsBlocked = 0;
+    let quarantined = 0;
+    let memoriesProtected = 0;
+    for (const row of counts) {
+        totalScans += row.cnt;
+        if (row.firewall_result === 'BLOCK')
+            threatsBlocked = row.cnt;
+        else if (row.firewall_result === 'QUARANTINE')
+            quarantined = row.cnt;
+        else if (row.firewall_result === 'ALLOW')
+            memoriesProtected = row.cnt;
+    }
+    // Credential leaks: threat_indicators contains 'credential' (case-insensitive)
+    const credRow = db.prepare(`
+    SELECT COUNT(*) as cnt
+    FROM defence_audit
+    WHERE LOWER(threat_indicators) LIKE '%credential%'
+  `).get();
+    const credentialLeaks = credRow?.cnt ?? 0;
+    return {
+        totalScans,
+        threatsBlocked,
+        quarantined,
+        credentialLeaks,
+        memoriesProtected,
+    };
+}
 // ── Agent Query Functions ──
 /**
  * Get distinct agents aggregated from audit logs.

package/dist/index.js

@@ -415,6 +415,14 @@ async function main() {
         catch {
             // Best effort — never let trial messaging crash the CLI
         }
+        // Show stats banner (threats blocked etc.) for interactive CLI modes
+        try {
+            const { printStatsBanner } = await import('./cli/stats-banner.js');
+            await printStatsBanner();
+        }
+        catch {
+            // Never fail startup over stats
+        }
     }
     // Handle --help / -h / help / unknown args
     if (process.argv[2] === '--help' || process.argv[2] === '-h' || process.argv[2] === 'help') {
@@ -588,6 +596,12 @@ ${bold}DOCS${reset}
         await handleLicenseCommand(process.argv.slice(3));
         return;
     }
+    // Handle "stats" subcommand — detailed security report
+    if (process.argv[2] === 'stats') {
+        const { runStatsCommand } = await import('./cli/stats-command.js');
+        await runStatsCommand();
+        return;
+    }
     // Handle "audit" subcommand — full security audit of agent environment
     if (process.argv[2] === 'audit') {
         const { handleAuditCommand } = await import('./cli/audit.js');
@@ -734,7 +748,7 @@ ${bold}DOCS${reset}
         'doctor', 'quickstart', 'setup', 'install', 'migrate', 'uninstall', 'hook',
         'openclaw', 'clawdbot', 'copilot', 'codex', 'service', 'config', 'status',
         'graph', 'license', 'licence', 'audit', 'iron-dome', 'scan', 'cloud',
-        'scan-skill', 'scan-skills', 'dashboard', 'api', 'worker',
+        'scan-skill', 'scan-skills', 'dashboard', 'api', 'worker', 'stats',
     ]);
     const arg = process.argv[2];
     if (arg && !arg.startsWith('-') && !knownCommands.has(arg)) {

package/dist/server.js

@@ -20,7 +20,7 @@ import { getHighPriorityMemories, getRecentMemories, getRelatedMemories, createM
 import { detectContradictions } from './memory/contradiction.js';
 import { handleGraphQuery, handleGraphEntities, handleGraphExplain } from './tools/graph.js';
 import { checkDatabaseSize } from './database/init.js';
-import { queryAuditLogs, getAuditStats } from './defence/audit/index.js';
+import { queryAuditLogs, getAuditStats, getLifetimeStats } from './defence/audit/index.js';
 import { scanExistingMemories } from './defence/scanner/index.js';
 import { resolveSource } from './defence/trust/env-detector.js';
 import { logAudit } from './defence/audit/logger.js';
@@ -614,16 +614,34 @@ but you can use this tool to check for new contradictions at any time.`, {
         timeRange: z.enum(['24h', '7d', '30d']).default('24h'),
     }, { title: 'Defence Statistics', readOnlyHint: true, destructiveHint: false, idempotentHint: true }, async (args) => {
         const stats = getAuditStats(args.timeRange);
+        const fmt = new Intl.NumberFormat('en-US');
+        const n = (v) => fmt.format(v);
         const lines = [
-            `Defence Stats (${args.timeRange}):`,
-            `  Total operations: ${stats.totalOperations}`,
-            `  Allowed: ${stats.allowedCount}`,
-            `  Blocked: ${stats.blockedCount}`,
-            `  Quarantined: ${stats.quarantinedCount}`,
-            `  Top sources: ${stats.topSources.map(s => `${s.source}(${s.count})`).join(', ') || 'none'}`,
+            `🛡️  ShieldCortex Defence Stats (${args.timeRange})`,
+            `${'─'.repeat(36)}`,
+            `  Total operations:  ${n(stats.totalOperations)}`,
+            `  Allowed:           ${n(stats.allowedCount)}`,
+            `  Blocked:           ${n(stats.blockedCount)}`,
+            `  Quarantined:       ${n(stats.quarantinedCount)}`,
+            `  Top sources:       ${stats.topSources.map(s => `${s.source}(${n(s.count)})`).join(', ') || 'none'}`,
         ];
         if (Object.keys(stats.threatBreakdown).length > 0) {
-            lines.push(`  Threats: ${Object.entries(stats.threatBreakdown).map(([k, v]) => `${k}:${v}`).join(', ')}`);
+            lines.push(`  Threat types:      ${Object.entries(stats.threatBreakdown).map(([k, v]) => `${k}:${n(v)}`).join(', ')}`);
+        }
+        // Append lifetime totals
+        try {
+            const lifetime = getLifetimeStats();
+            lines.push('');
+            lines.push(`All-Time Totals`);
+            lines.push(`${'─'.repeat(36)}`);
+            lines.push(`  Total scans:        ${n(lifetime.totalScans)}`);
+            lines.push(`  Threats blocked:    ${n(lifetime.threatsBlocked)}`);
+            lines.push(`  Quarantined:        ${n(lifetime.quarantined)}`);
+            lines.push(`  Credential leaks:   ${n(lifetime.credentialLeaks)}`);
+            lines.push(`  Memories protected: ${n(lifetime.memoriesProtected)}`);
+        }
+        catch {
+            // Lifetime stats unavailable — not a problem
         }
         return { content: [{ type: 'text', text: lines.join('\n') }] };
     });

package/dist/setup/openclaw.js

@@ -233,15 +233,28 @@ function cleanupLegacyPlugin() {
     try {
         const raw = fs.readFileSync(configPath, 'utf-8');
         const config = JSON.parse(raw);
-        if (!config.plugins?.entries?.['shieldcortex-realtime'])
-            return;
-        delete config.plugins.entries['shieldcortex-realtime'];
-        if (Object.keys(config.plugins.entries).length === 0)
-            delete config.plugins.entries;
+        let changed = false;
+        // Remove legacy entries (old format before native installs)
+        if (config.plugins?.entries?.['shieldcortex-realtime']) {
+            delete config.plugins.entries['shieldcortex-realtime'];
+            if (Object.keys(config.plugins.entries).length === 0)
+                delete config.plugins.entries;
+            changed = true;
+        }
+        // Remove stale full-path entries from plugins.allow
+        // (pre-v2026.3 format used raw file paths instead of plugin IDs)
+        if (Array.isArray(config.plugins?.allow)) {
+            const before = config.plugins.allow.length;
+            config.plugins.allow = config.plugins.allow.filter((e) => !e.includes(PLUGIN_DIR_NAME) || e === PLUGIN_DIR_NAME);
+            if (config.plugins.allow.length < before)
+                changed = true;
+        }
         if (config.plugins && Object.keys(config.plugins).length === 0)
             delete config.plugins;
-        fs.writeFileSync(configPath, JSON.stringify(config, null, 2) + '\n', 'utf-8');
-        console.log('Cleaned up legacy plugin entry from openclaw.json');
+        if (changed) {
+            fs.writeFileSync(configPath, JSON.stringify(config, null, 2) + '\n', 'utf-8');
+            console.log('Cleaned up legacy plugin entries from openclaw.json');
+        }
     }
     catch {
         // Non-critical — don't fail the install
@@ -250,9 +263,10 @@ function cleanupLegacyPlugin() {
 function openClawConfigPath() {
     return path.join(resolveUserHome(), '.openclaw', 'openclaw.json');
 }
-function trustLocalPlugin(indexPath) {
+function trustLocalPlugin(installDir, version) {
     const configPath = openClawConfigPath();
     const configDir = path.dirname(configPath);
+    const pluginId = PLUGIN_DIR_NAME; // "shieldcortex-realtime"
     try {
         if (!fs.existsSync(configDir)) {
             fs.mkdirSync(configDir, { recursive: true });
@@ -263,12 +277,33 @@ function trustLocalPlugin(indexPath) {
         const allow = Array.isArray(plugins.allow)
             ? (plugins.allow ?? [])
             : [];
-        if (!allow.includes(indexPath)) {
-            allow.push(indexPath);
+        // Remove any stale full-path entries for this plugin
+        const cleaned = allow.filter((e) => !e.includes(PLUGIN_DIR_NAME) || e === pluginId);
+        if (!cleaned.includes(pluginId)) {
+            cleaned.push(pluginId);
+        }
+        // Add installs entry so OpenClaw recognises the plugin
+        const installs = typeof plugins.installs === 'object' && plugins.installs !== null
+            ? plugins.installs
+            : {};
+        installs[pluginId] = {
+            source: 'path',
+            installPath: installDir,
+            version,
+            installedAt: new Date().toISOString(),
+        };
+        // Add entries to enable the plugin
+        const entries = typeof plugins.entries === 'object' && plugins.entries !== null
+            ? plugins.entries
+            : {};
+        if (!entries[pluginId]) {
+            entries[pluginId] = { enabled: true };
         }
         config.plugins = {
             ...plugins,
-            allow,
+            allow: cleaned,
+            installs,
+            entries,
         };
         fs.writeFileSync(configPath, JSON.stringify(config, null, 2) + '\n', 'utf-8');
         return true;
@@ -383,13 +418,27 @@ function installPlugin() {
         catch {
             console.warn(`  Warning: ${indexDest} copied but not readable`);
         }
-        if (trustLocalPlugin(indexDest)) {
-            console.log('Trusted local OpenClaw plugin path via plugins.allow');
+        // Read plugin version from manifest
+        let pluginVersion = 'unknown';
+        try {
+            const manifest = JSON.parse(fs.readFileSync(path.join(destDir, 'openclaw.plugin.json'), 'utf-8'));
+            pluginVersion = manifest.version ?? pluginVersion;
+        }
+        catch {
+            // Fall back to package.json version
+            try {
+                const pkg = JSON.parse(fs.readFileSync(path.join(packageRoot, 'package.json'), 'utf-8'));
+                pluginVersion = pkg.version ?? pluginVersion;
+            }
+            catch { /* keep "unknown" */ }
+        }
+        if (trustLocalPlugin(destDir, pluginVersion)) {
+            console.log('Registered plugin in OpenClaw config (plugins.allow + installs)');
             console.log(`Installed real-time plugin to ${destDir}`);
             return 'trusted-local-copy';
         }
         else {
-            console.warn('  Warning: Could not pin copied plugin path in OpenClaw plugins.allow');
+            console.warn('  Warning: Could not register plugin in OpenClaw config');
             console.log(`Installed real-time plugin to ${destDir}`);
             return 'untrusted-local-copy';
         }
@@ -421,10 +470,18 @@ function uninstallPlugin() {
         if (fs.existsSync(configPath)) {
             const raw = fs.readFileSync(configPath, 'utf-8');
             const config = JSON.parse(raw);
+            const pluginId = PLUGIN_DIR_NAME;
             if (Array.isArray(config.plugins?.allow)) {
-                config.plugins.allow = config.plugins.allow.filter((entry) => entry !== indexPath);
-                fs.writeFileSync(configPath, JSON.stringify(config, null, 2) + '\n', 'utf-8');
+                // Remove both old file-path entries and new short-name entries
+                config.plugins.allow = config.plugins.allow.filter((entry) => !entry.includes(pluginId));
+            }
+            if (config.plugins?.installs?.[pluginId]) {
+                delete config.plugins.installs[pluginId];
+            }
+            if (config.plugins?.entries?.[pluginId]) {
+                delete config.plugins.entries[pluginId];
             }
+            fs.writeFileSync(configPath, JSON.stringify(config, null, 2) + '\n', 'utf-8');
         }
         fs.rmSync(destDir, { recursive: true });
         console.log(`Removed real-time plugin from ${destDir}`);
@@ -457,7 +514,8 @@ function localPluginTrustStatus(pluginPath) {
         return 'unknown';
     try {
         const config = JSON.parse(fs.readFileSync(configPath, 'utf-8'));
-        if (Array.isArray(config.plugins?.allow) && config.plugins.allow.includes(indexPath)) {
+        const allow = config.plugins?.allow;
+        if (Array.isArray(allow) && (allow.includes(PLUGIN_DIR_NAME) || allow.includes(indexPath))) {
             return 'trusted';
         }
         return 'untrusted';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "shieldcortex",
-  "version": "3.4.29",
+  "version": "3.4.31",
   "description": "Trustworthy memory and security for AI agents. Recall debugging, review queue, OpenClaw session capture, and memory poisoning defence for Claude Code, Codex, OpenClaw, LangChain, and MCP agents.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",