shieldcortex 4.2.4 → 4.3.0

package/dist/xray/patterns.js

@@ -0,0 +1,271 @@
+/**
+ * X-Ray Pattern Detection
+ *
+ * Comprehensive pattern groups for detecting hidden risk in packages, files,
+ * and metadata. Follows the same conventions as skill-scanner/patterns.ts:
+ *   - safeRegexTest wrapper for every test
+ *   - MAX_SCAN_LENGTH truncation to prevent ReDOS
+ *   - PatternGroup style with weighted confidence
+ *   - One match per group is enough (break after first)
+ */
+// ── Constants ───────────────────────────────────────────────────────────────
+/** Maximum content length to analyse (prevents ReDOS on very long inputs). */
+const MAX_SCAN_LENGTH = 50000;
+// ── Helpers ─────────────────────────────────────────────────────────────────
+/**
+ * Safely test a regex against content with a length limit.
+ */
+function safeRegexTest(pattern, text) {
+    const truncated = text.length > MAX_SCAN_LENGTH ? text.slice(0, MAX_SCAN_LENGTH) : text;
+    return pattern.test(truncated);
+}
+// ── Pattern Groups ──────────────────────────────────────────────────────────
+const XRAY_PATTERN_GROUPS = [
+    // 1. eval/exec with dynamic input
+    {
+        name: 'eval_exec',
+        category: 'eval-exec',
+        severity: 'critical',
+        title: 'Dynamic code execution detected',
+        description: 'Code uses eval(), new Function(), or vm.runIn* which can execute arbitrary code.',
+        patterns: [
+            /\beval\s*\(\s*[^)'"]/,
+            /\beval\s*\(\s*['"`]\s*\+/,
+            /\bnew\s+Function\s*\(/,
+            /\bvm\.runIn(ThisContext|NewContext|Context)\s*\(/,
+            /\bvm\.compileFunction\s*\(/,
+            /\bvm\.Script\s*\(/,
+        ],
+    },
+    // 2. Shell execution
+    {
+        name: 'shell_execution',
+        category: 'shell-execution',
+        severity: 'critical',
+        title: 'Shell command execution detected',
+        description: 'Code executes shell commands via child_process or similar APIs.',
+        patterns: [
+            /child_process\.(exec|execSync|spawn|spawnSync|fork)\s*\(/,
+            /require\s*\(\s*['"]child_process['"]\s*\)/,
+            /import\s+.*from\s+['"]child_process['"]/,
+            /\bexecSync\s*\(\s*[`'"]/,
+            /\bspawn\s*\([^)]*shell\s*:\s*true/,
+            /\bexec\s*\(\s*['"`](?:bash|sh|cmd|powershell)/i,
+        ],
+    },
+    // 3. Suspicious postinstall hooks
+    {
+        name: 'postinstall_hook',
+        category: 'persistence-hook',
+        severity: 'high',
+        title: 'Suspicious lifecycle script detected',
+        description: 'Package.json contains postinstall/preinstall/install scripts that may execute arbitrary code.',
+        patterns: [
+            /"(?:post|pre)?install"\s*:\s*"[^"]*(?:curl|wget|node\s+-e|bash|sh\s+-c|powershell)/i,
+            /"(?:post|pre)?install"\s*:\s*"[^"]*(?:https?:\/\/|eval|exec)/i,
+            /"(?:post|pre)?install"\s*:\s*"[^"]*\|\s*(?:bash|sh|node)/i,
+        ],
+    },
+    // 4. Network beacons on import
+    {
+        name: 'network_beacon',
+        category: 'network-beacon',
+        severity: 'high',
+        title: 'Network beacon on load detected',
+        description: 'Code makes network requests at the top level (on import/require), potentially phoning home.',
+        patterns: [
+            /^(?:const|let|var|import)[\s\S]{0,200}(?:fetch|http\.get|https\.get|http\.request|https\.request)\s*\(/m,
+            /^(?:const|let|var)[\s\S]{0,50}require\s*\(\s*['"](?:http|https|node-fetch|axios)['"]\s*\)[\s\S]{0,200}\.(?:get|post|request)\s*\(/m,
+            /\bnew\s+WebSocket\s*\(\s*['"`]/,
+            /\bdns\.(?:lookup|resolve|resolve4|resolve6)\s*\(/,
+            /\bnet\.connect\s*\(/,
+            /\bdgram\.createSocket\s*\(/,
+        ],
+    },
+    // 5. Obfuscation techniques
+    {
+        name: 'obfuscation',
+        category: 'obfuscation',
+        severity: 'high',
+        title: 'Code obfuscation detected',
+        description: 'Code uses obfuscation techniques such as hex-encoded strings, fromCharCode arrays, or atob/btoa chains.',
+        patterns: [
+            // Hex-encoded strings > 50 chars
+            /['"]\\x[0-9a-f]{2}(?:\\x[0-9a-f]{2}){24,}['"]/i,
+            // Long hex literal strings
+            /['"][0-9a-f]{50,}['"]/i,
+            // atob/btoa chains
+            /\batob\s*\(\s*(?:atob|btoa)\s*\(/,
+            /\batob\s*\(\s*['"][A-Za-z0-9+/=]{20,}['"]\s*\)/,
+            // String.fromCharCode arrays
+            /String\.fromCharCode\s*\(\s*(?:\d+\s*,\s*){10,}/,
+            // Buffer.from with hex/base64 for code execution
+            /Buffer\.from\s*\(\s*['"][A-Za-z0-9+/=]{40,}['"]\s*,\s*['"](?:base64|hex)['"]\s*\)[\s\S]{0,50}\.toString\s*\(/,
+            // _0x variable naming pattern (common obfuscator output)
+            /\b_0x[0-9a-f]{4,}\b/i,
+        ],
+    },
+    // 6. AI directive patterns (modelled on ST3GG INJECTION_TEMPLATES)
+    {
+        name: 'ai_directive',
+        category: 'ai-directive',
+        severity: 'critical',
+        title: 'AI directive injection detected',
+        description: 'Content contains patterns designed to manipulate AI model behaviour — prompt injection, jailbreak, or hidden instructions.',
+        patterns: [
+            // Direct AI instruction patterns
+            /ignore\s+(all\s+)?(previous|prior|above)\s+(instructions?|prompts?|context)/i,
+            /disregard\s+(all\s+)?(previous|prior|above)\s+(instructions?|prompts?|rules?)/i,
+            /override\s+(previous|prior|all)\s+(instructions?|rules?|constraints?)/i,
+            /you\s+are\s+now\s+(?:in\s+)?(?:developer|god|admin|root|unrestricted)\s+mode/i,
+            /enter\s+(?:developer|god|admin|DAN|jailbreak)\s+mode/i,
+            /(?:system|hidden|secret)\s*(?:prompt|instruction|directive)\s*:/i,
+            // Instruction boundary attacks
+            /\[SYSTEM\]\s*:/i,
+            /\[INST\]/i,
+            /<\|(?:system|user|assistant|im_start|im_end)\|>/i,
+            // Encoded/hidden instruction markers
+            /(?:decode|execute|follow)\s+(?:the\s+)?hidden\s+(?:instructions?|payload|message)/i,
+            /(?:hidden|embedded|encoded)\s+(?:instructions?|directive|command)\s+(?:in|within|inside)/i,
+            // LSB steganography references
+            /(?:LSB|least\s+significant\s+bit)\s+(?:encoding|steganography|injection|extraction)/i,
+            /extract\s+(?:the\s+)?(?:hidden|embedded)\s+(?:data|message|payload)\s+from\s+(?:the\s+)?image/i,
+            // Filename-based directive patterns
+            /ignore_previous/i,
+            /decode_hidden/i,
+            /execute_instructions/i,
+            /override_previous/i,
+            /developer_mode/i,
+        ],
+    },
+    // 7. Unicode tricks
+    {
+        name: 'unicode_trick',
+        category: 'unicode-trick',
+        severity: 'medium',
+        title: 'Suspicious Unicode characters detected',
+        description: 'Content contains zero-width characters, homoglyphs, or bidirectional overrides that may hide malicious content.',
+        patterns: [
+            // Zero-width characters (multiple in sequence suggest intentional hiding)
+            /[\u200b\u200c\u200d\ufeff\u2060]{2,}/,
+            // RTL/LTR override characters
+            /[\u202a-\u202e\u2066-\u2069]/,
+            // Tag characters (U+E0001-U+E007F) — used for invisible text
+            /[\u{E0001}-\u{E007F}]/u,
+            // Combining characters abuse (>3 combining marks in a row)
+            /[\u0300-\u036f]{4,}/,
+        ],
+    },
+    // 8. Prompt injection in metadata
+    {
+        name: 'metadata_injection',
+        category: 'metadata-exploit',
+        severity: 'high',
+        title: 'Prompt injection in metadata',
+        description: 'Package metadata (description, keywords, author) contains AI instruction fragments designed to manipulate model behaviour.',
+        patterns: [
+            /"description"\s*:\s*"[^"]*(?:ignore\s+previous|you\s+are\s+now|system\s+prompt|execute\s+the\s+following|run\s+this\s+command)[^"]*"/i,
+            /"keywords"\s*:\s*\[[^\]]*"(?:ignore|override|execute|system.?prompt|jailbreak|DAN)[^"]*"[^\]]*\]/i,
+            /"author"\s*:\s*"[^"]*(?:ignore\s+previous|execute|system\s+prompt)[^"]*"/i,
+        ],
+    },
+    // 9. Covert channels
+    {
+        name: 'covert_channel',
+        category: 'covert-channel',
+        severity: 'high',
+        title: 'Potential covert communication channel',
+        description: 'Code establishes hidden communication channels using DNS, WebSocket, or encoded data exfiltration.',
+        patterns: [
+            // DNS-based exfiltration
+            /dns\.resolve[\s\S]{0,50}\.(?:concat|join)\s*\(/,
+            /\.replace\s*\([^)]+\)[\s\S]{0,50}dns\.(?:lookup|resolve)/,
+            // Steganographic data hiding
+            /\.(?:getImageData|putImageData)\s*\([\s\S]{0,200}(?:charCodeAt|fromCharCode)/,
+            // Data encoded in HTTP headers
+            /headers\s*[\[.]\s*['"](?:X-|Cookie)[\s\S]{0,100}(?:encode|btoa|Buffer\.from)/i,
+        ],
+    },
+    // 10. Dependency risk signals
+    {
+        name: 'dependency_risk',
+        category: 'dependency-risk',
+        severity: 'medium',
+        title: 'Dependency risk indicator',
+        description: 'Package exhibits characteristics associated with supply-chain attacks: wildcard versions, git dependencies, or excessive install scripts.',
+        patterns: [
+            // Wildcard or latest version
+            /"dependencies"\s*:\s*\{[^}]*"[^"]+"\s*:\s*"(?:\*|latest|>=)"/,
+            // Git URL dependencies
+            /"dependencies"\s*:\s*\{[^}]*"[^"]+"\s*:\s*"(?:git\+|github:|https:\/\/github\.com)/,
+            // Multiple lifecycle scripts
+            /"(?:preinstall|postinstall|preuninstall|postuninstall)"\s*:\s*"[^"]+"/,
+        ],
+    },
+];
+// ── Public API ──────────────────────────────────────────────────────────────
+/**
+ * Run all X-Ray pattern groups against content and return matched findings.
+ * Optionally tag findings with a file path and compute line numbers.
+ */
+export function detectPatterns(content, filePath) {
+    const findings = [];
+    const truncated = content.length > MAX_SCAN_LENGTH ? content.slice(0, MAX_SCAN_LENGTH) : content;
+    for (const group of XRAY_PATTERN_GROUPS) {
+        for (const pattern of group.patterns) {
+            if (safeRegexTest(pattern, truncated)) {
+                const match = pattern.exec(truncated);
+                let line;
+                let evidence;
+                if (match) {
+                    // Calculate line number from match index
+                    const before = truncated.slice(0, match.index);
+                    line = (before.match(/\n/g) || []).length + 1;
+                    evidence = match[0].slice(0, 120);
+                }
+                findings.push({
+                    severity: group.severity,
+                    category: group.category,
+                    title: group.title,
+                    description: group.description,
+                    file: filePath,
+                    line,
+                    evidence,
+                });
+                break; // one match per group is enough
+            }
+        }
+    }
+    return findings;
+}
+/**
+ * Check if a filename itself contains AI directive patterns.
+ */
+export function detectFilenameDirectives(filename) {
+    const findings = [];
+    const suspiciousPatterns = [
+        /ignore_previous/i,
+        /decode_hidden/i,
+        /execute_instructions/i,
+        /override_previous/i,
+        /developer_mode/i,
+        /system_prompt/i,
+        /jailbreak/i,
+        /\[SYSTEM\]/i,
+        /\[INST\]/i,
+    ];
+    for (const pattern of suspiciousPatterns) {
+        if (pattern.test(filename)) {
+            findings.push({
+                severity: 'critical',
+                category: 'ai-directive',
+                title: 'AI directive in filename',
+                description: `Filename "${filename}" contains an AI directive pattern designed to manipulate model behaviour.`,
+                file: filename,
+                evidence: filename,
+            });
+            break; // one finding per filename is enough
+        }
+    }
+    return findings;
+}

package/dist/xray/report.d.ts

@@ -0,0 +1,16 @@
+/**
+ * X-Ray Report Formatter
+ *
+ * Beautiful terminal output for X-Ray scan results.
+ * Follows the same ANSI colour style as src/audit/report-formatter.ts
+ * and src/cli/stats-banner.ts.
+ */
+import type { XRayResult } from './types.js';
+/**
+ * Format an X-Ray result for terminal display.
+ */
+export declare function formatXRayReport(result: XRayResult): string;
+/**
+ * Format an X-Ray result as markdown.
+ */
+export declare function formatXRayMarkdown(result: XRayResult): string;

package/dist/xray/report.js

@@ -0,0 +1,193 @@
+/**
+ * X-Ray Report Formatter
+ *
+ * Beautiful terminal output for X-Ray scan results.
+ * Follows the same ANSI colour style as src/audit/report-formatter.ts
+ * and src/cli/stats-banner.ts.
+ */
+// ── ANSI Colours ────────────────────────────────────────────
+const c = {
+    reset: '\x1b[0m',
+    bold: '\x1b[1m',
+    dim: '\x1b[2m',
+    red: '\x1b[31m',
+    green: '\x1b[32m',
+    yellow: '\x1b[33m',
+    blue: '\x1b[34m',
+    magenta: '\x1b[35m',
+    cyan: '\x1b[36m',
+    white: '\x1b[37m',
+    bgRed: '\x1b[41m',
+    bgGreen: '\x1b[42m',
+    bgYellow: '\x1b[43m',
+    brightRed: '\x1b[91m',
+};
+// ── Helpers ─────────────────────────────────────────────────
+function scoreColour(score) {
+    if (score >= 80)
+        return c.green;
+    if (score >= 60)
+        return c.yellow;
+    if (score >= 40)
+        return c.brightRed;
+    return c.red;
+}
+function riskColour(level) {
+    switch (level) {
+        case 'SAFE': return c.green;
+        case 'LOW': return c.yellow;
+        case 'MEDIUM': return c.brightRed;
+        case 'HIGH': return c.red;
+        case 'CRITICAL': return c.red;
+        default: return c.white;
+    }
+}
+function severityColour(severity) {
+    switch (severity) {
+        case 'critical': return c.red;
+        case 'high': return c.brightRed;
+        case 'medium': return c.yellow;
+        case 'low': return c.cyan;
+        case 'info': return c.dim;
+        default: return c.white;
+    }
+}
+function severityIcon(severity) {
+    switch (severity) {
+        case 'critical': return 'X';
+        case 'high': return '!';
+        case 'medium': return '~';
+        case 'low': return '-';
+        case 'info': return 'i';
+        default: return '?';
+    }
+}
+// ── ASCII Art ───────────────────────────────────────────────
+const XRAY_ART = `
+  ╔═══════════════════════════════════════╗
+  ║        ShieldCortex  X-Ray            ║
+  ║     Package & File Risk Scanner       ║
+  ╚═══════════════════════════════════════╝`;
+// ── Terminal Formatter ──────────────────────────────────────
+/**
+ * Format an X-Ray result for terminal display.
+ */
+export function formatXRayReport(result) {
+    const lines = [];
+    const sc = scoreColour(result.trustScore);
+    const rc = riskColour(result.riskLevel);
+    // Header
+    lines.push(`${c.cyan}${XRAY_ART}${c.reset}`);
+    lines.push('');
+    lines.push(`  ${c.bold}Target:${c.reset}  ${result.target}`);
+    lines.push(`  ${c.bold}Mode:${c.reset}    ${result.deepScan ? `${c.magenta}Deep Scan (Pro)${c.reset}` : 'Standard Scan'}`);
+    lines.push('');
+    // Trust Score
+    lines.push(`  ╔══════════════════════════╗`);
+    lines.push(`  ║  Trust Score: ${sc}${c.bold}${String(result.trustScore).padStart(3)}${c.reset}${' '.repeat(8)}║`);
+    lines.push(`  ║  Risk Level: ${rc}${c.bold}${result.riskLevel.padEnd(9)}${c.reset}  ║`);
+    lines.push(`  ╚══════════════════════════╝`);
+    lines.push('');
+    // Severity summary
+    const bySeverity = { critical: 0, high: 0, medium: 0, low: 0, info: 0 };
+    for (const f of result.findings) {
+        bySeverity[f.severity] = (bySeverity[f.severity] || 0) + 1;
+    }
+    const summaryParts = [];
+    if (bySeverity.critical > 0)
+        summaryParts.push(`${c.red}${bySeverity.critical} critical${c.reset}`);
+    if (bySeverity.high > 0)
+        summaryParts.push(`${c.brightRed}${bySeverity.high} high${c.reset}`);
+    if (bySeverity.medium > 0)
+        summaryParts.push(`${c.yellow}${bySeverity.medium} medium${c.reset}`);
+    if (bySeverity.low > 0)
+        summaryParts.push(`${c.cyan}${bySeverity.low} low${c.reset}`);
+    if (bySeverity.info > 0)
+        summaryParts.push(`${c.dim}${bySeverity.info} info${c.reset}`);
+    if (summaryParts.length > 0) {
+        lines.push(`  ${c.bold}Findings:${c.reset} ${summaryParts.join('  ')}`);
+    }
+    else {
+        lines.push(`  ${c.green}${c.bold}No risk indicators found.${c.reset}`);
+    }
+    lines.push('');
+    // Detailed findings grouped by severity
+    const severityOrder = ['critical', 'high', 'medium', 'low', 'info'];
+    const printable = result.findings.filter(f => f.severity !== 'info');
+    if (printable.length > 0) {
+        lines.push(`  ${c.bold}Details${c.reset}`);
+        lines.push(`  ${'─'.repeat(60)}`);
+        for (const severity of severityOrder) {
+            const findings = result.findings.filter(f => f.severity === severity);
+            if (findings.length === 0 || severity === 'info')
+                continue;
+            for (const finding of findings) {
+                const sc2 = severityColour(finding.severity);
+                const icon = severityIcon(finding.severity);
+                const categoryTag = `${c.dim}[${finding.category}]${c.reset}`;
+                lines.push(`  ${sc2}[${icon}] ${finding.severity.toUpperCase().padEnd(8)}${c.reset} ${categoryTag} ${finding.title}`);
+                lines.push(`     ${c.dim}${finding.description}${c.reset}`);
+                if (finding.file) {
+                    const loc = finding.line ? `${finding.file}:${finding.line}` : finding.file;
+                    lines.push(`     ${c.dim}File: ${loc}${c.reset}`);
+                }
+                if (finding.evidence) {
+                    lines.push(`     ${c.dim}Evidence: ${finding.evidence}${c.reset}`);
+                }
+                lines.push('');
+            }
+        }
+    }
+    // Footer
+    lines.push(`  ${'─'.repeat(60)}`);
+    lines.push(`  ${c.dim}Files scanned: ${result.filesScanned}  |  ${result.scannedAt.toISOString()}${c.reset}`);
+    if (!result.deepScan) {
+        lines.push(`  ${c.dim}Upgrade to Pro for deep scanning: npm registry analysis, binary inspection,${c.reset}`);
+        lines.push(`  ${c.dim}dependency graph risk, and AI-directive detection in metadata.${c.reset}`);
+        lines.push(`  ${c.dim}  https://shieldcortex.ai/pricing${c.reset}`);
+    }
+    lines.push('');
+    return lines.join('\n');
+}
+// ── Markdown Formatter ──────────────────────────────────────
+/**
+ * Format an X-Ray result as markdown.
+ */
+export function formatXRayMarkdown(result) {
+    const lines = [];
+    const riskEmoji = result.riskLevel === 'SAFE' ? '🟢' :
+        result.riskLevel === 'LOW' ? '🔵' :
+            result.riskLevel === 'MEDIUM' ? '🟡' :
+                result.riskLevel === 'HIGH' ? '🟠' : '🔴';
+    lines.push(`## ${riskEmoji} ShieldCortex X-Ray — ${result.target}`);
+    lines.push('');
+    lines.push(`**Trust Score:** ${result.trustScore}/100  `);
+    lines.push(`**Risk Level:** ${result.riskLevel}  `);
+    lines.push(`**Mode:** ${result.deepScan ? 'Deep Scan (Pro)' : 'Standard'}  `);
+    lines.push(`**Files Scanned:** ${result.filesScanned}`);
+    lines.push('');
+    const printable = result.findings.filter(f => f.severity !== 'info');
+    if (printable.length > 0) {
+        lines.push('### Findings');
+        lines.push('');
+        for (const finding of printable) {
+            const icon = finding.severity === 'critical' ? '🔴' :
+                finding.severity === 'high' ? '🟠' :
+                    finding.severity === 'medium' ? '🟡' : '🔵';
+            lines.push(`- ${icon} **[${finding.category}]** ${finding.title}`);
+            lines.push(`  ${finding.description}`);
+            if (finding.file) {
+                const loc = finding.line ? `${finding.file}:${finding.line}` : finding.file;
+                lines.push(`  📄 \`${loc}\``);
+            }
+            lines.push('');
+        }
+    }
+    else {
+        lines.push('**No risk indicators found.** All checks passed.');
+        lines.push('');
+    }
+    lines.push('---');
+    lines.push(`*Scanned by [ShieldCortex X-Ray](https://shieldcortex.ai) at ${result.scannedAt.toISOString()}*`);
+    return lines.join('\n');
+}

package/dist/xray/trust-score.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Trust Score Calculator
+ *
+ * Computes a 0–100 trust score from X-Ray findings and maps it to a risk level.
+ */
+import type { XRayFinding, XRayResult } from './types.js';
+export declare function calculateTrustScore(findings: XRayFinding[]): {
+    score: number;
+    riskLevel: XRayResult['riskLevel'];
+};

package/dist/xray/trust-score.js

@@ -0,0 +1,37 @@
+/**
+ * Trust Score Calculator
+ *
+ * Computes a 0–100 trust score from X-Ray findings and maps it to a risk level.
+ */
+// ── Penalty weights ─────────────────────────────────────────
+const SEVERITY_PENALTY = {
+    critical: 25,
+    high: 15,
+    medium: 8,
+    low: 3,
+    info: 0,
+};
+// ── Risk level thresholds ───────────────────────────────────
+function riskLevelFromScore(score) {
+    if (score >= 80)
+        return 'SAFE';
+    if (score >= 60)
+        return 'LOW';
+    if (score >= 40)
+        return 'MEDIUM';
+    if (score >= 20)
+        return 'HIGH';
+    return 'CRITICAL';
+}
+// ── Public API ──────────────────────────────────────────────
+export function calculateTrustScore(findings) {
+    let score = 100;
+    for (const finding of findings) {
+        score -= SEVERITY_PENALTY[finding.severity];
+    }
+    score = Math.max(0, score);
+    return {
+        score,
+        riskLevel: riskLevelFromScore(score),
+    };
+}

package/dist/xray/types.d.ts

@@ -0,0 +1,29 @@
+/**
+ * X-Ray Types
+ *
+ * Core type definitions for the ShieldCortex X-Ray scanner —
+ * package, file, and directory risk inspection.
+ */
+export type XRayCategory = 'prompt-injection' | 'eval-exec' | 'shell-execution' | 'network-beacon' | 'obfuscation' | 'steganography' | 'unicode-trick' | 'metadata-exploit' | 'persistence-hook' | 'covert-channel' | 'dependency-risk' | 'ai-directive';
+export interface XRayTarget {
+    type: 'npm' | 'dir' | 'file';
+    path: string;
+}
+export interface XRayFinding {
+    severity: 'critical' | 'high' | 'medium' | 'low' | 'info';
+    category: XRayCategory;
+    title: string;
+    description: string;
+    file?: string;
+    line?: number;
+    evidence?: string;
+}
+export interface XRayResult {
+    target: string;
+    trustScore: number;
+    riskLevel: 'CRITICAL' | 'HIGH' | 'MEDIUM' | 'LOW' | 'SAFE';
+    findings: XRayFinding[];
+    filesScanned: number;
+    scannedAt: Date;
+    deepScan: boolean;
+}

package/dist/xray/types.js

@@ -0,0 +1,7 @@
+/**
+ * X-Ray Types
+ *
+ * Core type definitions for the ShieldCortex X-Ray scanner —
+ * package, file, and directory risk inspection.
+ */
+export {};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "shieldcortex",
-  "version": "4.2.4",
+  "version": "4.3.0",
   "description": "Trustworthy memory and security for AI agents. Recall debugging, review queue, OpenClaw session capture, and memory poisoning defence for Claude Code, Codex, OpenClaw, LangChain, and MCP agents.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/plugins/openclaw/dist/openclaw.plugin.json

@@ -1,6 +1,6 @@
 {
   "id": "shieldcortex-realtime",
-  "version": "4.2.1",
+  "version": "4.2.5",
   "name": "ShieldCortex Real-time Scanner",
   "description": "Real-time defence scanning on LLM input, memory extraction on LLM output, and active tool call interception with approval gating.",
   "uiHints": {