shieldcortex 4.3.0 → 4.4.0

package/dist/index.js

@@ -772,6 +772,12 @@ ${bold}DOCS${reset}
         await handleXRayCommand(process.argv.slice(3));
         process.exit(0);
     }
+    // Handle "xray-preinstall" subcommand — lightweight pre-install safety check
+    if (process.argv[2] === 'xray-preinstall') {
+        const { handlePreinstallCheck } = await import('./xray/preinstall.js');
+        await handlePreinstallCheck();
+        process.exit(0);
+    }
     // Handle "cortex" subcommand (Pro tier — mistake learning)
     if (process.argv[2] === 'cortex') {
         const { handleCortexCommand } = await import('./cortex/cli.js');
@@ -783,7 +789,7 @@ ${bold}DOCS${reset}
         'doctor', 'quickstart', 'setup', 'install', 'migrate', 'uninstall', 'hook',
         'openclaw', 'clawdbot', 'copilot', 'codex', 'service', 'config', 'status',
         'graph', 'license', 'licence', 'audit', 'iron-dome', 'scan', 'cloud',
-        'scan-skill', 'scan-skills', 'dashboard', 'api', 'worker', 'stats', 'cortex', 'consolidate', 'xray',
+        'scan-skill', 'scan-skills', 'dashboard', 'api', 'worker', 'stats', 'cortex', 'consolidate', 'xray', 'xray-preinstall',
     ]);
     const arg = process.argv[2];
     if (arg && !arg.startsWith('-') && !knownCommands.has(arg)) {

package/dist/xray/index.d.ts

@@ -14,6 +14,10 @@ export { scanFile } from './file-scanner.js';
 export { scanDirectory } from './dir-scanner.js';
 export { inspectNpmPackage } from './npm-inspector.js';
 export { formatXRayReport, formatXRayMarkdown } from './report.js';
+export { watchDirectory } from './watch.js';
+export { handlePreinstallCheck } from './preinstall.js';
+export { xrayMemoryContent } from './memory-guard.js';
+export type { MemoryGuardResult } from './memory-guard.js';
 /**
  * Handle the `shieldcortex xray` CLI command.
  */

package/dist/xray/index.js

@@ -16,12 +16,16 @@ import { scanDirectory } from './dir-scanner.js';
 import { inspectNpmPackage } from './npm-inspector.js';
 import { calculateTrustScore } from './trust-score.js';
 import { formatXRayReport, formatXRayMarkdown } from './report.js';
+import { watchDirectory } from './watch.js';
 export { calculateTrustScore } from './trust-score.js';
 export { detectPatterns, detectFilenameDirectives } from './patterns.js';
 export { scanFile } from './file-scanner.js';
 export { scanDirectory } from './dir-scanner.js';
 export { inspectNpmPackage } from './npm-inspector.js';
 export { formatXRayReport, formatXRayMarkdown } from './report.js';
+export { watchDirectory } from './watch.js';
+export { handlePreinstallCheck } from './preinstall.js';
+export { xrayMemoryContent } from './memory-guard.js';
 // ── Usage tracking ──────────────────────────────────────────
 const USAGE_FILE = path.join(os.homedir(), '.shieldcortex', 'xray-usage.json');
 const FREE_DAILY_LIMIT = 5;
@@ -79,22 +83,44 @@ export async function handleXRayCommand(args) {
     const deep = flags.has('--deep');
     const jsonOutput = flags.has('--json');
     const markdownOutput = flags.has('--markdown');
+    const ciMode = flags.has('--ci');
+    const watchMode = flags.has('--watch');
+    const ciThreshold = (() => {
+        const t = args.find(a => a.startsWith('--threshold='));
+        if (t)
+            return t.split('=')[1]?.toUpperCase() || 'HIGH';
+        return 'HIGH';
+    })();
     // Show usage if no target
     if (positional.length === 0) {
-        console.error('Usage: shieldcortex xray <target> [--deep] [--json] [--markdown]');
+        console.error('Usage: shieldcortex xray <target> [--deep] [--json] [--markdown] [--watch]');
         console.error('');
         console.error('  target:     npm package name, local file path, or directory path');
         console.error('  --deep      Deep scan with full analysis (Pro)');
         console.error('  --json      Output JSON result');
         console.error('  --markdown  Output markdown report');
+        console.error('  --ci        CI/CD mode: exit code 1 if risk >= threshold');
+        console.error('  --threshold=LEVEL  Risk threshold for --ci (CRITICAL|HIGH|MEDIUM|LOW, default: HIGH)');
+        console.error('  --watch     Watch directory for changes and scan incrementally');
         console.error('');
         console.error('Examples:');
         console.error('  shieldcortex xray ./src/');
         console.error('  shieldcortex xray package.json');
         console.error('  shieldcortex xray lodash --deep');
+        console.error('  shieldcortex xray ./src --watch');
         process.exit(1);
     }
     const target = positional[0];
+    // Watch mode — delegate to watchDirectory
+    if (watchMode) {
+        const resolved = path.resolve(target);
+        if (!fs.existsSync(resolved) || !fs.statSync(resolved).isDirectory()) {
+            console.error(`--watch requires a directory target: ${resolved}`);
+            process.exit(1);
+        }
+        await watchDirectory(resolved, deep, { json: jsonOutput });
+        return;
+    }
     // Deep scan requires Pro
     if (deep) {
         try {
@@ -163,4 +189,14 @@ export async function handleXRayCommand(args) {
     else {
         console.log(formatXRayReport(result));
     }
+    // CI/CD gate: exit 1 if risk level meets or exceeds threshold
+    if (ciMode) {
+        const levels = { SAFE: 0, LOW: 1, MEDIUM: 2, HIGH: 3, CRITICAL: 4 };
+        const resultLevel = levels[result.riskLevel] ?? 0;
+        const thresholdLevel = levels[ciThreshold] ?? 3;
+        if (resultLevel >= thresholdLevel) {
+            process.exit(1);
+        }
+        process.exit(0);
+    }
 }

package/dist/xray/memory-guard.d.ts

@@ -0,0 +1,26 @@
+/**
+ * X-Ray Memory Guard
+ *
+ * Synchronous, fast content scanner for memory pipeline integration.
+ * Checks content destined for memory storage against X-Ray pattern
+ * detection, returning an allow/deny decision with findings.
+ *
+ * No file I/O, no network — pure in-memory analysis.
+ */
+import type { XRayFinding } from './types.js';
+export interface MemoryGuardResult {
+    allowed: boolean;
+    findings: XRayFinding[];
+    riskLevel: string;
+}
+/**
+ * Scan content destined for memory storage.
+ *
+ * @param content - The memory content to scan
+ * @param title - Optional title/name for the memory entry
+ * @returns { allowed, findings, riskLevel }
+ *   - allowed: true if trust score >= 40 (MEDIUM or better)
+ *   - findings: all detected X-Ray findings
+ *   - riskLevel: SAFE | LOW | MEDIUM | HIGH | CRITICAL
+ */
+export declare function xrayMemoryContent(content: string, title?: string): MemoryGuardResult;

package/dist/xray/memory-guard.js

@@ -0,0 +1,36 @@
+/**
+ * X-Ray Memory Guard
+ *
+ * Synchronous, fast content scanner for memory pipeline integration.
+ * Checks content destined for memory storage against X-Ray pattern
+ * detection, returning an allow/deny decision with findings.
+ *
+ * No file I/O, no network — pure in-memory analysis.
+ */
+import { detectPatterns, detectFilenameDirectives } from './patterns.js';
+import { calculateTrustScore } from './trust-score.js';
+/**
+ * Scan content destined for memory storage.
+ *
+ * @param content - The memory content to scan
+ * @param title - Optional title/name for the memory entry
+ * @returns { allowed, findings, riskLevel }
+ *   - allowed: true if trust score >= 40 (MEDIUM or better)
+ *   - findings: all detected X-Ray findings
+ *   - riskLevel: SAFE | LOW | MEDIUM | HIGH | CRITICAL
+ */
+export function xrayMemoryContent(content, title) {
+    const findings = [];
+    // Scan the content body
+    findings.push(...detectPatterns(content));
+    // Scan the title for filename-style directives
+    if (title) {
+        findings.push(...detectFilenameDirectives(title));
+    }
+    const { score, riskLevel } = calculateTrustScore(findings);
+    return {
+        allowed: score >= 40,
+        findings,
+        riskLevel,
+    };
+}

package/dist/xray/preinstall.d.ts

@@ -0,0 +1,13 @@
+/**
+ * X-Ray Pre-install Hook
+ *
+ * Lightweight pre-install check that scans package.json scripts
+ * for suspicious patterns. Designed to run as an npm lifecycle script:
+ *   "preinstall": "shieldcortex xray-preinstall"
+ *
+ * Exit 1 blocks install (HIGH+ findings), exit 0 allows.
+ */
+/**
+ * Run a lightweight pre-install check on package.json scripts.
+ */
+export declare function handlePreinstallCheck(): Promise<void>;

package/dist/xray/preinstall.js

@@ -0,0 +1,95 @@
+/**
+ * X-Ray Pre-install Hook
+ *
+ * Lightweight pre-install check that scans package.json scripts
+ * for suspicious patterns. Designed to run as an npm lifecycle script:
+ *   "preinstall": "shieldcortex xray-preinstall"
+ *
+ * Exit 1 blocks install (HIGH+ findings), exit 0 allows.
+ */
+import fs from 'fs';
+import path from 'path';
+import { detectPatterns } from './patterns.js';
+import { calculateTrustScore } from './trust-score.js';
+// ── Constants ───────────────────────────────────────────────
+const SEVERITY_RANK = {
+    critical: 4,
+    high: 3,
+    medium: 2,
+    low: 1,
+    info: 0,
+};
+// ── Public API ──────────────────────────────────────────────
+/**
+ * Run a lightweight pre-install check on package.json scripts.
+ */
+export async function handlePreinstallCheck() {
+    const pkgName = process.env.npm_package_name;
+    const pkgVersion = process.env.npm_package_version;
+    const cwd = process.cwd();
+    const pkgJsonPath = path.join(cwd, 'package.json');
+    if (!fs.existsSync(pkgJsonPath)) {
+        console.log('ShieldCortex X-Ray pre-install check: PASS (no package.json found)');
+        process.exit(0);
+    }
+    let pkgContent;
+    try {
+        pkgContent = fs.readFileSync(pkgJsonPath, 'utf-8');
+    }
+    catch {
+        console.log('ShieldCortex X-Ray pre-install check: PASS (could not read package.json)');
+        process.exit(0);
+    }
+    let pkg;
+    try {
+        pkg = JSON.parse(pkgContent);
+    }
+    catch {
+        console.log('ShieldCortex X-Ray pre-install check: PASS (invalid package.json)');
+        process.exit(0);
+    }
+    // Scan scripts section only (lightweight, fast)
+    const scripts = pkg.scripts;
+    const allFindings = [];
+    if (scripts && typeof scripts === 'object') {
+        const scriptsJson = JSON.stringify({ scripts });
+        const findings = detectPatterns(scriptsJson, 'package.json (scripts)');
+        allFindings.push(...findings);
+    }
+    // Also scan the full package.json for metadata injection
+    const metaFindings = detectPatterns(pkgContent, 'package.json');
+    for (const f of metaFindings) {
+        if (f.category === 'metadata-exploit' || f.category === 'ai-directive') {
+            allFindings.push(f);
+        }
+    }
+    const { score, riskLevel } = calculateTrustScore(allFindings);
+    const maxSeverity = allFindings.reduce((max, f) => Math.max(max, SEVERITY_RANK[f.severity] ?? 0), 0);
+    const label = pkgName
+        ? `${pkgName}@${pkgVersion || 'unknown'}`
+        : path.basename(cwd);
+    if (allFindings.length === 0) {
+        console.log(`ShieldCortex X-Ray pre-install check: PASS — ${label} (score: ${score})`);
+        process.exit(0);
+    }
+    // Print findings
+    console.log('');
+    console.log(`ShieldCortex X-Ray pre-install scan: ${label}`);
+    console.log(`  Trust Score: ${score}/100  Risk: ${riskLevel}`);
+    console.log('');
+    for (const f of allFindings) {
+        console.log(`  [${f.severity.toUpperCase()}] [${f.category}] ${f.title}`);
+        if (f.evidence) {
+            console.log(`    Evidence: ${f.evidence}`);
+        }
+    }
+    console.log('');
+    // HIGH or CRITICAL → block
+    if (maxSeverity >= SEVERITY_RANK.high) {
+        console.log('ShieldCortex X-Ray pre-install check: FAIL — blocking install due to HIGH+ risk findings');
+        process.exit(1);
+    }
+    // MEDIUM or below → warn but allow
+    console.log('ShieldCortex X-Ray pre-install check: PASS (warnings found, but below blocking threshold)');
+    process.exit(0);
+}

package/dist/xray/watch.d.ts

@@ -0,0 +1,12 @@
+/**
+ * X-Ray Watch Mode
+ *
+ * Watches a directory for file changes and incrementally re-scans
+ * only the changed files, printing new findings as they appear.
+ */
+/**
+ * Watch a directory for changes and incrementally scan changed files.
+ */
+export declare function watchDirectory(dirPath: string, deep: boolean, options?: {
+    json?: boolean;
+}): Promise<void>;

package/dist/xray/watch.js

@@ -0,0 +1,125 @@
+/**
+ * X-Ray Watch Mode
+ *
+ * Watches a directory for file changes and incrementally re-scans
+ * only the changed files, printing new findings as they appear.
+ */
+import fs from 'fs';
+import path from 'path';
+import crypto from 'crypto';
+import { scanFile } from './file-scanner.js';
+import { calculateTrustScore } from './trust-score.js';
+// ── Constants ───────────────────────────────────────────────
+const DEBOUNCE_MS = 500;
+const MAX_FILE_SIZE = 10 * 1024 * 1024;
+const IGNORE_DIRS = new Set(['node_modules', '.git', 'dist', 'build']);
+// ── Helpers ─────────────────────────────────────────────────
+function shouldIgnore(filePath) {
+    const parts = filePath.split(path.sep);
+    return parts.some(p => IGNORE_DIRS.has(p));
+}
+function findingHash(f) {
+    const key = `${f.file || ''}|${f.category}|${f.title}`;
+    return crypto.createHash('sha256').update(key).digest('hex');
+}
+// ── ANSI colours ────────────────────────────────────────────
+const c = {
+    reset: '\x1b[0m',
+    bold: '\x1b[1m',
+    dim: '\x1b[2m',
+    red: '\x1b[31m',
+    green: '\x1b[32m',
+    yellow: '\x1b[33m',
+    cyan: '\x1b[36m',
+    brightRed: '\x1b[91m',
+};
+function severityColour(severity) {
+    switch (severity) {
+        case 'critical': return c.red;
+        case 'high': return c.brightRed;
+        case 'medium': return c.yellow;
+        case 'low': return c.cyan;
+        default: return c.dim;
+    }
+}
+// ── Public API ──────────────────────────────────────────────
+/**
+ * Watch a directory for changes and incrementally scan changed files.
+ */
+export async function watchDirectory(dirPath, deep, options) {
+    const resolved = path.resolve(dirPath);
+    const seenHashes = new Set();
+    const json = options?.json ?? false;
+    // Debounce map: filePath → timeout
+    const pending = new Map();
+    console.log(`${c.cyan}${c.bold}Watching ${resolved} for changes... (Ctrl+C to stop)${c.reset}`);
+    async function handleChange(filePath) {
+        const abs = path.resolve(resolved, filePath);
+        if (shouldIgnore(abs))
+            return;
+        // Check exists & size
+        let stat;
+        try {
+            stat = fs.statSync(abs);
+        }
+        catch {
+            return;
+        }
+        if (!stat.isFile() || stat.size > MAX_FILE_SIZE)
+            return;
+        const findings = await scanFile(abs, deep);
+        const newFindings = [];
+        for (const f of findings) {
+            const h = findingHash(f);
+            if (!seenHashes.has(h)) {
+                seenHashes.add(h);
+                newFindings.push(f);
+            }
+        }
+        if (newFindings.length === 0)
+            return;
+        if (json) {
+            const { score, riskLevel } = calculateTrustScore(newFindings);
+            console.log(JSON.stringify({
+                file: abs,
+                trustScore: score,
+                riskLevel,
+                findings: newFindings,
+                detectedAt: new Date().toISOString(),
+            }));
+        }
+        else {
+            const { score, riskLevel } = calculateTrustScore(newFindings);
+            console.log('');
+            console.log(`${c.bold}[${new Date().toLocaleTimeString()}]${c.reset} ${c.cyan}${abs}${c.reset}  (score: ${score}, risk: ${riskLevel})`);
+            for (const f of newFindings) {
+                const sc = severityColour(f.severity);
+                console.log(`  ${sc}[${f.severity.toUpperCase()}]${c.reset} [${f.category}] ${f.title}`);
+                if (f.evidence) {
+                    console.log(`    ${c.dim}${f.evidence}${c.reset}`);
+                }
+            }
+        }
+    }
+    const watcher = fs.watch(resolved, { recursive: true }, (_event, filename) => {
+        if (!filename)
+            return;
+        const filePath = filename.toString();
+        // Debounce
+        const existing = pending.get(filePath);
+        if (existing)
+            clearTimeout(existing);
+        pending.set(filePath, setTimeout(() => {
+            pending.delete(filePath);
+            handleChange(filePath).catch(() => { });
+        }, DEBOUNCE_MS));
+    });
+    // Keep the process alive until Ctrl+C
+    return new Promise((resolve) => {
+        process.on('SIGINT', () => {
+            watcher.close();
+            console.log(`\n${c.dim}Watch stopped.${c.reset}`);
+            resolve();
+        });
+    });
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "shieldcortex",
-  "version": "4.3.0",
+  "version": "4.4.0",
   "description": "Trustworthy memory and security for AI agents. Recall debugging, review queue, OpenClaw session capture, and memory poisoning defence for Claude Code, Codex, OpenClaw, LangChain, and MCP agents.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/plugins/openclaw/dist/interceptor.js

@@ -141,6 +141,49 @@ function writeAuditEntry(entry) {
         // Best-effort — never block on audit failure
     }
 }
+// --- X-Ray Inline Guard ---
+// Lightweight inline version of xrayMemoryContent for the plugin build boundary.
+// Detects AI directive injection patterns in memory content.
+const XRAY_AI_DIRECTIVE_PATTERNS = [
+    /ignore\s+(all\s+)?(previous|prior|above)\s+(instructions?|prompts?|context)/i,
+    /disregard\s+(all\s+)?(previous|prior|above)\s+(instructions?|rules?)/i,
+    /override\s+(previous|prior|all)\s+(instructions?|rules?|constraints?)/i,
+    /you\s+are\s+now\s+(?:in\s+)?(?:developer|god|admin|root|unrestricted)\s+mode/i,
+    /enter\s+(?:developer|god|admin|DAN|jailbreak)\s+mode/i,
+    /(?:system|hidden|secret)\s*(?:prompt|instruction|directive)\s*:/i,
+    /\[SYSTEM\]\s*:/i,
+    /\[INST\]/i,
+    /<\|(?:system|user|assistant|im_start|im_end)\|>/i,
+    /(?:decode|execute|follow)\s+(?:the\s+)?hidden\s+(?:instructions?|payload|message)/i,
+    /(?:hidden|embedded|encoded)\s+(?:instructions?|directive|command)\s+(?:in|within|inside)/i,
+];
+const XRAY_FILENAME_PATTERNS = [
+    /ignore_previous/i, /decode_hidden/i, /execute_instructions/i,
+    /override_previous/i, /developer_mode/i, /system_prompt/i,
+    /jailbreak/i, /\[SYSTEM\]/i, /\[INST\]/i,
+];
+function xrayMemoryGuard(content, title) {
+    const findings = [];
+    const text = content.length > 50000 ? content.slice(0, 50000) : content;
+    for (const pattern of XRAY_AI_DIRECTIVE_PATTERNS) {
+        if (pattern.test(text)) {
+            findings.push({ category: 'ai-directive', title: 'AI directive injection detected', severity: 'critical' });
+            break;
+        }
+    }
+    if (title) {
+        for (const pattern of XRAY_FILENAME_PATTERNS) {
+            if (pattern.test(title)) {
+                findings.push({ category: 'ai-directive', title: 'AI directive in title', severity: 'critical' });
+                break;
+            }
+        }
+    }
+    // Score: 100 - 25 per critical finding
+    const score = Math.max(0, 100 - findings.length * 25);
+    const riskLevel = score >= 80 ? 'SAFE' : score >= 60 ? 'LOW' : score >= 40 ? 'MEDIUM' : score >= 20 ? 'HIGH' : 'CRITICAL';
+    return { allowed: score >= 40, findings, riskLevel };
+}
 export function createInterceptor(config, pipeline, options) {
     const denyCache = new DenyCache();
     const rateLimiter = new RateLimiter(options?.maxPromptsPerMinute ?? 5);
@@ -157,6 +200,18 @@ export function createInterceptor(config, pipeline, options) {
         const fullContent = [title, content].filter(Boolean).join(' ');
         if (!fullContent.trim())
             return;
+        // X-Ray content scan — fast, synchronous, no I/O
+        const xrayResult = xrayMemoryGuard(content, title || undefined);
+        if (!xrayResult.allowed) {
+            const xrayEntry = {
+                type: 'intercept', tool: context.toolName, severity: 'critical',
+                firewallResult: 'BLOCK', threats: xrayResult.findings.map(f => f.category),
+                anomalyScore: 1, action: 'auto_deny', outcome: 'auto_denied',
+                preview: fullContent.slice(0, 200), ts: new Date().toISOString(),
+            };
+            emitAudit(xrayEntry);
+            throw new Error(`ShieldCortex: tool call blocked by X-Ray memory guard (risk: ${xrayResult.riskLevel}, findings: ${xrayResult.findings.length})`);
+        }
         let severity;
         let firewallResult;
         let threats;