shieldcortex 4.34.0 → 4.36.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (372) hide show
  1. package/dashboard/.next/standalone/dashboard/.next/BUILD_ID +1 -1
  2. package/dashboard/.next/standalone/dashboard/.next/build-manifest.json +2 -2
  3. package/dashboard/.next/standalone/dashboard/.next/prerender-manifest.json +3 -3
  4. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/admin/page.js +1 -1
  5. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/admin/page.js.nft.json +1 -1
  6. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/admin/page_client-reference-manifest.js +1 -1
  7. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/cloud/page.js +1 -1
  8. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/cloud/page.js.nft.json +1 -1
  9. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/cloud/page_client-reference-manifest.js +1 -1
  10. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/memory/capture/page.js +1 -1
  11. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/memory/capture/page.js.nft.json +1 -1
  12. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/memory/capture/page_client-reference-manifest.js +1 -1
  13. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/memory/graph/page.js +1 -1
  14. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/memory/graph/page.js.nft.json +1 -1
  15. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/memory/graph/page_client-reference-manifest.js +1 -1
  16. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/memory/page/react-loadable-manifest.json +1 -1
  17. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/memory/page.js +1 -1
  18. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/memory/page.js.nft.json +1 -1
  19. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/memory/page_client-reference-manifest.js +1 -1
  20. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/memory/recall/page.js +1 -1
  21. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/memory/recall/page.js.nft.json +1 -1
  22. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/memory/recall/page_client-reference-manifest.js +1 -1
  23. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/memory/replay/page.js +1 -1
  24. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/memory/replay/page.js.nft.json +1 -1
  25. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/memory/replay/page_client-reference-manifest.js +1 -1
  26. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/memory/review/page.js +1 -1
  27. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/memory/review/page.js.nft.json +1 -1
  28. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/memory/review/page_client-reference-manifest.js +1 -1
  29. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/memory/timeline/page.js +1 -1
  30. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/memory/timeline/page.js.nft.json +1 -1
  31. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/memory/timeline/page_client-reference-manifest.js +1 -1
  32. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/overview/page.js +1 -1
  33. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/overview/page.js.nft.json +1 -1
  34. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/overview/page_client-reference-manifest.js +1 -1
  35. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/protection/audit/page.js +1 -1
  36. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/protection/audit/page.js.nft.json +1 -1
  37. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/protection/audit/page_client-reference-manifest.js +1 -1
  38. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/protection/intercepts/page.js +1 -1
  39. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/protection/intercepts/page.js.nft.json +1 -1
  40. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/protection/intercepts/page_client-reference-manifest.js +1 -1
  41. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/protection/iron-dome/page.js +1 -1
  42. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/protection/iron-dome/page.js.nft.json +1 -1
  43. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/protection/iron-dome/page_client-reference-manifest.js +1 -1
  44. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/protection/page.js +1 -1
  45. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/protection/page.js.nft.json +1 -1
  46. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/protection/page_client-reference-manifest.js +1 -1
  47. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/protection/policies/page.js +1 -1
  48. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/protection/policies/page.js.nft.json +1 -1
  49. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/protection/policies/page_client-reference-manifest.js +1 -1
  50. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/protection/quarantine/page.js +1 -1
  51. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/protection/quarantine/page.js.nft.json +1 -1
  52. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/protection/quarantine/page_client-reference-manifest.js +1 -1
  53. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/settings/page.js +1 -1
  54. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/settings/page.js.nft.json +1 -1
  55. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/settings/page_client-reference-manifest.js +1 -1
  56. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/supply-chain/page.js +1 -1
  57. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/supply-chain/page.js.nft.json +1 -1
  58. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/supply-chain/page_client-reference-manifest.js +1 -1
  59. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/supply-chain/xray/page.js +1 -1
  60. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/supply-chain/xray/page.js.nft.json +1 -1
  61. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/supply-chain/xray/page_client-reference-manifest.js +1 -1
  62. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/xray/page.js +1 -1
  63. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/xray/page.js.nft.json +1 -1
  64. package/dashboard/.next/standalone/dashboard/.next/server/app/(dashboard)/xray/page_client-reference-manifest.js +1 -1
  65. package/dashboard/.next/standalone/dashboard/.next/server/app/_global-error.html +2 -2
  66. package/dashboard/.next/standalone/dashboard/.next/server/app/_global-error.rsc +1 -1
  67. package/dashboard/.next/standalone/dashboard/.next/server/app/_global-error.segments/__PAGE__.segment.rsc +1 -1
  68. package/dashboard/.next/standalone/dashboard/.next/server/app/_global-error.segments/_full.segment.rsc +1 -1
  69. package/dashboard/.next/standalone/dashboard/.next/server/app/_global-error.segments/_head.segment.rsc +1 -1
  70. package/dashboard/.next/standalone/dashboard/.next/server/app/_global-error.segments/_index.segment.rsc +1 -1
  71. package/dashboard/.next/standalone/dashboard/.next/server/app/_global-error.segments/_tree.segment.rsc +1 -1
  72. package/dashboard/.next/standalone/dashboard/.next/server/app/_not-found/page_client-reference-manifest.js +1 -1
  73. package/dashboard/.next/standalone/dashboard/.next/server/app/_not-found.html +1 -9
  74. package/dashboard/.next/standalone/dashboard/.next/server/app/_not-found.rsc +2 -2
  75. package/dashboard/.next/standalone/dashboard/.next/server/app/_not-found.segments/_full.segment.rsc +2 -2
  76. package/dashboard/.next/standalone/dashboard/.next/server/app/_not-found.segments/_head.segment.rsc +1 -1
  77. package/dashboard/.next/standalone/dashboard/.next/server/app/_not-found.segments/_index.segment.rsc +2 -2
  78. package/dashboard/.next/standalone/dashboard/.next/server/app/_not-found.segments/_not-found/__PAGE__.segment.rsc +1 -1
  79. package/dashboard/.next/standalone/dashboard/.next/server/app/_not-found.segments/_not-found.segment.rsc +1 -1
  80. package/dashboard/.next/standalone/dashboard/.next/server/app/_not-found.segments/_tree.segment.rsc +2 -2
  81. package/dashboard/.next/standalone/dashboard/.next/server/app/admin.html +1 -1
  82. package/dashboard/.next/standalone/dashboard/.next/server/app/admin.rsc +18 -19
  83. package/dashboard/.next/standalone/dashboard/.next/server/app/admin.segments/!KGRhc2hib2FyZCk/admin/__PAGE__.segment.rsc +1 -1
  84. package/dashboard/.next/standalone/dashboard/.next/server/app/admin.segments/!KGRhc2hib2FyZCk/admin.segment.rsc +1 -1
  85. package/dashboard/.next/standalone/dashboard/.next/server/app/admin.segments/!KGRhc2hib2FyZCk.segment.rsc +10 -9
  86. package/dashboard/.next/standalone/dashboard/.next/server/app/admin.segments/_full.segment.rsc +18 -19
  87. package/dashboard/.next/standalone/dashboard/.next/server/app/admin.segments/_head.segment.rsc +1 -1
  88. package/dashboard/.next/standalone/dashboard/.next/server/app/admin.segments/_index.segment.rsc +2 -2
  89. package/dashboard/.next/standalone/dashboard/.next/server/app/admin.segments/_tree.segment.rsc +2 -2
  90. package/dashboard/.next/standalone/dashboard/.next/server/app/cloud.html +1 -1
  91. package/dashboard/.next/standalone/dashboard/.next/server/app/cloud.rsc +18 -19
  92. package/dashboard/.next/standalone/dashboard/.next/server/app/cloud.segments/!KGRhc2hib2FyZCk/cloud/__PAGE__.segment.rsc +1 -1
  93. package/dashboard/.next/standalone/dashboard/.next/server/app/cloud.segments/!KGRhc2hib2FyZCk/cloud.segment.rsc +1 -1
  94. package/dashboard/.next/standalone/dashboard/.next/server/app/cloud.segments/!KGRhc2hib2FyZCk.segment.rsc +10 -9
  95. package/dashboard/.next/standalone/dashboard/.next/server/app/cloud.segments/_full.segment.rsc +18 -19
  96. package/dashboard/.next/standalone/dashboard/.next/server/app/cloud.segments/_head.segment.rsc +1 -1
  97. package/dashboard/.next/standalone/dashboard/.next/server/app/cloud.segments/_index.segment.rsc +2 -2
  98. package/dashboard/.next/standalone/dashboard/.next/server/app/cloud.segments/_tree.segment.rsc +2 -2
  99. package/dashboard/.next/standalone/dashboard/.next/server/app/index.html +1 -1
  100. package/dashboard/.next/standalone/dashboard/.next/server/app/index.rsc +2 -2
  101. package/dashboard/.next/standalone/dashboard/.next/server/app/index.segments/__PAGE__.segment.rsc +1 -1
  102. package/dashboard/.next/standalone/dashboard/.next/server/app/index.segments/_full.segment.rsc +2 -2
  103. package/dashboard/.next/standalone/dashboard/.next/server/app/index.segments/_head.segment.rsc +1 -1
  104. package/dashboard/.next/standalone/dashboard/.next/server/app/index.segments/_index.segment.rsc +2 -2
  105. package/dashboard/.next/standalone/dashboard/.next/server/app/index.segments/_tree.segment.rsc +2 -2
  106. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/capture.html +1 -1
  107. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/capture.rsc +18 -18
  108. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/capture.segments/!KGRhc2hib2FyZCk/memory/capture/__PAGE__.segment.rsc +1 -1
  109. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/capture.segments/!KGRhc2hib2FyZCk/memory/capture.segment.rsc +1 -1
  110. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/capture.segments/!KGRhc2hib2FyZCk/memory.segment.rsc +1 -1
  111. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/capture.segments/!KGRhc2hib2FyZCk.segment.rsc +10 -9
  112. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/capture.segments/_full.segment.rsc +18 -18
  113. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/capture.segments/_head.segment.rsc +1 -1
  114. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/capture.segments/_index.segment.rsc +2 -2
  115. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/capture.segments/_tree.segment.rsc +2 -2
  116. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/graph.html +1 -1
  117. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/graph.rsc +18 -18
  118. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/graph.segments/!KGRhc2hib2FyZCk/memory/graph/__PAGE__.segment.rsc +1 -1
  119. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/graph.segments/!KGRhc2hib2FyZCk/memory/graph.segment.rsc +1 -1
  120. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/graph.segments/!KGRhc2hib2FyZCk/memory.segment.rsc +1 -1
  121. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/graph.segments/!KGRhc2hib2FyZCk.segment.rsc +10 -9
  122. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/graph.segments/_full.segment.rsc +18 -18
  123. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/graph.segments/_head.segment.rsc +1 -1
  124. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/graph.segments/_index.segment.rsc +2 -2
  125. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/graph.segments/_tree.segment.rsc +2 -2
  126. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/recall.html +1 -1
  127. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/recall.rsc +18 -18
  128. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/recall.segments/!KGRhc2hib2FyZCk/memory/recall/__PAGE__.segment.rsc +1 -1
  129. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/recall.segments/!KGRhc2hib2FyZCk/memory/recall.segment.rsc +1 -1
  130. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/recall.segments/!KGRhc2hib2FyZCk/memory.segment.rsc +1 -1
  131. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/recall.segments/!KGRhc2hib2FyZCk.segment.rsc +10 -9
  132. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/recall.segments/_full.segment.rsc +18 -18
  133. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/recall.segments/_head.segment.rsc +1 -1
  134. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/recall.segments/_index.segment.rsc +2 -2
  135. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/recall.segments/_tree.segment.rsc +2 -2
  136. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/replay.html +1 -9
  137. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/replay.rsc +16 -16
  138. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/replay.segments/!KGRhc2hib2FyZCk/memory/replay/__PAGE__.segment.rsc +3 -3
  139. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/replay.segments/!KGRhc2hib2FyZCk/memory/replay.segment.rsc +1 -1
  140. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/replay.segments/!KGRhc2hib2FyZCk/memory.segment.rsc +1 -1
  141. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/replay.segments/!KGRhc2hib2FyZCk.segment.rsc +10 -9
  142. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/replay.segments/_full.segment.rsc +16 -16
  143. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/replay.segments/_head.segment.rsc +1 -1
  144. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/replay.segments/_index.segment.rsc +2 -2
  145. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/replay.segments/_tree.segment.rsc +2 -2
  146. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/review.html +1 -1
  147. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/review.rsc +18 -18
  148. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/review.segments/!KGRhc2hib2FyZCk/memory/review/__PAGE__.segment.rsc +1 -1
  149. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/review.segments/!KGRhc2hib2FyZCk/memory/review.segment.rsc +1 -1
  150. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/review.segments/!KGRhc2hib2FyZCk/memory.segment.rsc +1 -1
  151. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/review.segments/!KGRhc2hib2FyZCk.segment.rsc +10 -9
  152. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/review.segments/_full.segment.rsc +18 -18
  153. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/review.segments/_head.segment.rsc +1 -1
  154. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/review.segments/_index.segment.rsc +2 -2
  155. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/review.segments/_tree.segment.rsc +2 -2
  156. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/timeline.html +1 -1
  157. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/timeline.rsc +18 -18
  158. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/timeline.segments/!KGRhc2hib2FyZCk/memory/timeline/__PAGE__.segment.rsc +1 -1
  159. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/timeline.segments/!KGRhc2hib2FyZCk/memory/timeline.segment.rsc +1 -1
  160. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/timeline.segments/!KGRhc2hib2FyZCk/memory.segment.rsc +1 -1
  161. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/timeline.segments/!KGRhc2hib2FyZCk.segment.rsc +10 -9
  162. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/timeline.segments/_full.segment.rsc +18 -18
  163. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/timeline.segments/_head.segment.rsc +1 -1
  164. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/timeline.segments/_index.segment.rsc +2 -2
  165. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/timeline.segments/_tree.segment.rsc +2 -2
  166. package/dashboard/.next/standalone/dashboard/.next/server/app/memory.html +1 -9
  167. package/dashboard/.next/standalone/dashboard/.next/server/app/memory.rsc +22 -25
  168. package/dashboard/.next/standalone/dashboard/.next/server/app/memory.segments/!KGRhc2hib2FyZCk/memory/__PAGE__.segment.rsc +3 -3
  169. package/dashboard/.next/standalone/dashboard/.next/server/app/memory.segments/!KGRhc2hib2FyZCk/memory.segment.rsc +1 -1
  170. package/dashboard/.next/standalone/dashboard/.next/server/app/memory.segments/!KGRhc2hib2FyZCk.segment.rsc +10 -9
  171. package/dashboard/.next/standalone/dashboard/.next/server/app/memory.segments/_full.segment.rsc +22 -25
  172. package/dashboard/.next/standalone/dashboard/.next/server/app/memory.segments/_head.segment.rsc +1 -1
  173. package/dashboard/.next/standalone/dashboard/.next/server/app/memory.segments/_index.segment.rsc +2 -2
  174. package/dashboard/.next/standalone/dashboard/.next/server/app/memory.segments/_tree.segment.rsc +2 -2
  175. package/dashboard/.next/standalone/dashboard/.next/server/app/overview.html +1 -9
  176. package/dashboard/.next/standalone/dashboard/.next/server/app/overview.rsc +22 -24
  177. package/dashboard/.next/standalone/dashboard/.next/server/app/overview.segments/!KGRhc2hib2FyZCk/overview/__PAGE__.segment.rsc +3 -3
  178. package/dashboard/.next/standalone/dashboard/.next/server/app/overview.segments/!KGRhc2hib2FyZCk/overview.segment.rsc +1 -1
  179. package/dashboard/.next/standalone/dashboard/.next/server/app/overview.segments/!KGRhc2hib2FyZCk.segment.rsc +10 -9
  180. package/dashboard/.next/standalone/dashboard/.next/server/app/overview.segments/_full.segment.rsc +22 -24
  181. package/dashboard/.next/standalone/dashboard/.next/server/app/overview.segments/_head.segment.rsc +1 -1
  182. package/dashboard/.next/standalone/dashboard/.next/server/app/overview.segments/_index.segment.rsc +2 -2
  183. package/dashboard/.next/standalone/dashboard/.next/server/app/overview.segments/_tree.segment.rsc +2 -2
  184. package/dashboard/.next/standalone/dashboard/.next/server/app/page_client-reference-manifest.js +1 -1
  185. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/audit.html +1 -1
  186. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/audit.rsc +18 -18
  187. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/audit.segments/!KGRhc2hib2FyZCk/protection/audit/__PAGE__.segment.rsc +1 -1
  188. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/audit.segments/!KGRhc2hib2FyZCk/protection/audit.segment.rsc +1 -1
  189. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/audit.segments/!KGRhc2hib2FyZCk/protection.segment.rsc +1 -1
  190. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/audit.segments/!KGRhc2hib2FyZCk.segment.rsc +10 -9
  191. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/audit.segments/_full.segment.rsc +18 -18
  192. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/audit.segments/_head.segment.rsc +1 -1
  193. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/audit.segments/_index.segment.rsc +2 -2
  194. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/audit.segments/_tree.segment.rsc +2 -2
  195. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/intercepts.html +1 -1
  196. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/intercepts.rsc +22 -20
  197. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/intercepts.segments/!KGRhc2hib2FyZCk/protection/intercepts/__PAGE__.segment.rsc +1 -1
  198. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/intercepts.segments/!KGRhc2hib2FyZCk/protection/intercepts.segment.rsc +1 -1
  199. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/intercepts.segments/!KGRhc2hib2FyZCk/protection.segment.rsc +1 -1
  200. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/intercepts.segments/!KGRhc2hib2FyZCk.segment.rsc +10 -9
  201. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/intercepts.segments/_full.segment.rsc +22 -20
  202. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/intercepts.segments/_head.segment.rsc +1 -1
  203. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/intercepts.segments/_index.segment.rsc +2 -2
  204. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/intercepts.segments/_tree.segment.rsc +2 -2
  205. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/iron-dome.html +1 -1
  206. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/iron-dome.rsc +22 -20
  207. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/iron-dome.segments/!KGRhc2hib2FyZCk/protection/iron-dome/__PAGE__.segment.rsc +1 -1
  208. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/iron-dome.segments/!KGRhc2hib2FyZCk/protection/iron-dome.segment.rsc +1 -1
  209. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/iron-dome.segments/!KGRhc2hib2FyZCk/protection.segment.rsc +1 -1
  210. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/iron-dome.segments/!KGRhc2hib2FyZCk.segment.rsc +10 -9
  211. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/iron-dome.segments/_full.segment.rsc +22 -20
  212. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/iron-dome.segments/_head.segment.rsc +1 -1
  213. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/iron-dome.segments/_index.segment.rsc +2 -2
  214. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/iron-dome.segments/_tree.segment.rsc +2 -2
  215. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/policies.html +1 -1
  216. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/policies.rsc +22 -20
  217. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/policies.segments/!KGRhc2hib2FyZCk/protection/policies/__PAGE__.segment.rsc +1 -1
  218. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/policies.segments/!KGRhc2hib2FyZCk/protection/policies.segment.rsc +1 -1
  219. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/policies.segments/!KGRhc2hib2FyZCk/protection.segment.rsc +1 -1
  220. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/policies.segments/!KGRhc2hib2FyZCk.segment.rsc +10 -9
  221. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/policies.segments/_full.segment.rsc +22 -20
  222. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/policies.segments/_head.segment.rsc +1 -1
  223. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/policies.segments/_index.segment.rsc +2 -2
  224. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/policies.segments/_tree.segment.rsc +2 -2
  225. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/quarantine.html +1 -1
  226. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/quarantine.rsc +22 -20
  227. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/quarantine.segments/!KGRhc2hib2FyZCk/protection/quarantine/__PAGE__.segment.rsc +1 -1
  228. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/quarantine.segments/!KGRhc2hib2FyZCk/protection/quarantine.segment.rsc +1 -1
  229. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/quarantine.segments/!KGRhc2hib2FyZCk/protection.segment.rsc +1 -1
  230. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/quarantine.segments/!KGRhc2hib2FyZCk.segment.rsc +10 -9
  231. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/quarantine.segments/_full.segment.rsc +22 -20
  232. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/quarantine.segments/_head.segment.rsc +1 -1
  233. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/quarantine.segments/_index.segment.rsc +2 -2
  234. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/quarantine.segments/_tree.segment.rsc +2 -2
  235. package/dashboard/.next/standalone/dashboard/.next/server/app/protection.html +1 -9
  236. package/dashboard/.next/standalone/dashboard/.next/server/app/protection.rsc +20 -19
  237. package/dashboard/.next/standalone/dashboard/.next/server/app/protection.segments/!KGRhc2hib2FyZCk/protection/__PAGE__.segment.rsc +2 -2
  238. package/dashboard/.next/standalone/dashboard/.next/server/app/protection.segments/!KGRhc2hib2FyZCk/protection.segment.rsc +1 -1
  239. package/dashboard/.next/standalone/dashboard/.next/server/app/protection.segments/!KGRhc2hib2FyZCk.segment.rsc +10 -9
  240. package/dashboard/.next/standalone/dashboard/.next/server/app/protection.segments/_full.segment.rsc +20 -19
  241. package/dashboard/.next/standalone/dashboard/.next/server/app/protection.segments/_head.segment.rsc +1 -1
  242. package/dashboard/.next/standalone/dashboard/.next/server/app/protection.segments/_index.segment.rsc +2 -2
  243. package/dashboard/.next/standalone/dashboard/.next/server/app/protection.segments/_tree.segment.rsc +2 -2
  244. package/dashboard/.next/standalone/dashboard/.next/server/app/settings.html +1 -9
  245. package/dashboard/.next/standalone/dashboard/.next/server/app/settings.rsc +20 -22
  246. package/dashboard/.next/standalone/dashboard/.next/server/app/settings.segments/!KGRhc2hib2FyZCk/settings/__PAGE__.segment.rsc +2 -2
  247. package/dashboard/.next/standalone/dashboard/.next/server/app/settings.segments/!KGRhc2hib2FyZCk/settings.segment.rsc +1 -1
  248. package/dashboard/.next/standalone/dashboard/.next/server/app/settings.segments/!KGRhc2hib2FyZCk.segment.rsc +10 -9
  249. package/dashboard/.next/standalone/dashboard/.next/server/app/settings.segments/_full.segment.rsc +20 -22
  250. package/dashboard/.next/standalone/dashboard/.next/server/app/settings.segments/_head.segment.rsc +1 -1
  251. package/dashboard/.next/standalone/dashboard/.next/server/app/settings.segments/_index.segment.rsc +2 -2
  252. package/dashboard/.next/standalone/dashboard/.next/server/app/settings.segments/_tree.segment.rsc +2 -2
  253. package/dashboard/.next/standalone/dashboard/.next/server/app/supply-chain/xray.html +1 -1
  254. package/dashboard/.next/standalone/dashboard/.next/server/app/supply-chain/xray.rsc +18 -18
  255. package/dashboard/.next/standalone/dashboard/.next/server/app/supply-chain/xray.segments/!KGRhc2hib2FyZCk/supply-chain/xray/__PAGE__.segment.rsc +1 -1
  256. package/dashboard/.next/standalone/dashboard/.next/server/app/supply-chain/xray.segments/!KGRhc2hib2FyZCk/supply-chain/xray.segment.rsc +1 -1
  257. package/dashboard/.next/standalone/dashboard/.next/server/app/supply-chain/xray.segments/!KGRhc2hib2FyZCk/supply-chain.segment.rsc +1 -1
  258. package/dashboard/.next/standalone/dashboard/.next/server/app/supply-chain/xray.segments/!KGRhc2hib2FyZCk.segment.rsc +10 -9
  259. package/dashboard/.next/standalone/dashboard/.next/server/app/supply-chain/xray.segments/_full.segment.rsc +18 -18
  260. package/dashboard/.next/standalone/dashboard/.next/server/app/supply-chain/xray.segments/_head.segment.rsc +1 -1
  261. package/dashboard/.next/standalone/dashboard/.next/server/app/supply-chain/xray.segments/_index.segment.rsc +2 -2
  262. package/dashboard/.next/standalone/dashboard/.next/server/app/supply-chain/xray.segments/_tree.segment.rsc +2 -2
  263. package/dashboard/.next/standalone/dashboard/.next/server/app/supply-chain.html +1 -1
  264. package/dashboard/.next/standalone/dashboard/.next/server/app/supply-chain.rsc +18 -19
  265. package/dashboard/.next/standalone/dashboard/.next/server/app/supply-chain.segments/!KGRhc2hib2FyZCk/supply-chain/__PAGE__.segment.rsc +1 -1
  266. package/dashboard/.next/standalone/dashboard/.next/server/app/supply-chain.segments/!KGRhc2hib2FyZCk/supply-chain.segment.rsc +1 -1
  267. package/dashboard/.next/standalone/dashboard/.next/server/app/supply-chain.segments/!KGRhc2hib2FyZCk.segment.rsc +10 -9
  268. package/dashboard/.next/standalone/dashboard/.next/server/app/supply-chain.segments/_full.segment.rsc +18 -19
  269. package/dashboard/.next/standalone/dashboard/.next/server/app/supply-chain.segments/_head.segment.rsc +1 -1
  270. package/dashboard/.next/standalone/dashboard/.next/server/app/supply-chain.segments/_index.segment.rsc +2 -2
  271. package/dashboard/.next/standalone/dashboard/.next/server/app/supply-chain.segments/_tree.segment.rsc +2 -2
  272. package/dashboard/.next/standalone/dashboard/.next/server/app/xray.html +1 -9
  273. package/dashboard/.next/standalone/dashboard/.next/server/app/xray.rsc +20 -22
  274. package/dashboard/.next/standalone/dashboard/.next/server/app/xray.segments/!KGRhc2hib2FyZCk/xray/__PAGE__.segment.rsc +2 -2
  275. package/dashboard/.next/standalone/dashboard/.next/server/app/xray.segments/!KGRhc2hib2FyZCk/xray.segment.rsc +1 -1
  276. package/dashboard/.next/standalone/dashboard/.next/server/app/xray.segments/!KGRhc2hib2FyZCk.segment.rsc +10 -9
  277. package/dashboard/.next/standalone/dashboard/.next/server/app/xray.segments/_full.segment.rsc +20 -22
  278. package/dashboard/.next/standalone/dashboard/.next/server/app/xray.segments/_head.segment.rsc +1 -1
  279. package/dashboard/.next/standalone/dashboard/.next/server/app/xray.segments/_index.segment.rsc +2 -2
  280. package/dashboard/.next/standalone/dashboard/.next/server/app/xray.segments/_tree.segment.rsc +2 -2
  281. package/dashboard/.next/standalone/dashboard/.next/server/chunks/ssr/9f1d4_lucide-react_dist_esm_icons_47ec4567._.js +3 -0
  282. package/dashboard/.next/standalone/dashboard/.next/server/chunks/ssr/[root-of-the-server]__7d500b5a._.js +1 -9
  283. package/dashboard/.next/standalone/dashboard/.next/server/chunks/ssr/[root-of-the-server]__bea9887b._.js +3 -0
  284. package/dashboard/.next/standalone/dashboard/.next/server/chunks/ssr/{dashboard_45d60d74._.js → dashboard_01e81e69._.js} +2 -2
  285. package/dashboard/.next/standalone/dashboard/.next/server/chunks/ssr/dashboard_14d63e36._.js +3 -0
  286. package/dashboard/.next/standalone/dashboard/.next/server/chunks/ssr/dashboard_1b261cd5._.js +3 -0
  287. package/dashboard/.next/standalone/dashboard/.next/server/chunks/ssr/dashboard_1b3af814._.js +3 -0
  288. package/dashboard/.next/standalone/dashboard/.next/server/chunks/ssr/dashboard_44a1539a._.js +3 -0
  289. package/dashboard/.next/standalone/dashboard/.next/server/chunks/ssr/dashboard_4835c323._.js +3 -0
  290. package/dashboard/.next/standalone/dashboard/.next/server/chunks/ssr/dashboard_599483f2._.js +3 -0
  291. package/dashboard/.next/standalone/dashboard/.next/server/chunks/ssr/dashboard_5ca514a1._.js +1 -1
  292. package/dashboard/.next/standalone/dashboard/.next/server/chunks/ssr/dashboard_a6877bbc._.js +3 -0
  293. package/dashboard/.next/standalone/dashboard/.next/server/chunks/ssr/dashboard_c219bf07._.js +3 -3
  294. package/dashboard/.next/standalone/dashboard/.next/server/chunks/ssr/dashboard_src_861871f9._.js +3 -0
  295. package/dashboard/.next/standalone/dashboard/.next/server/chunks/ssr/dashboard_src_app_(dashboard)_overview_page_tsx_8c105626._.js +1 -1
  296. package/dashboard/.next/standalone/dashboard/.next/server/chunks/ssr/dashboard_src_components_de7ac4f9._.js +3 -0
  297. package/dashboard/.next/standalone/dashboard/.next/server/chunks/ssr/dashboard_src_components_protection_ProtectionOverview_tsx_54554a97._.js +2 -2
  298. package/dashboard/.next/standalone/dashboard/.next/server/chunks/ssr/dashboard_src_components_xray_XRayOverview_tsx_ceba698e._.js +1 -1
  299. package/dashboard/.next/standalone/dashboard/.next/server/pages/404.html +1 -9
  300. package/dashboard/.next/standalone/dashboard/.next/server/pages/500.html +2 -2
  301. package/dashboard/.next/standalone/dashboard/.next/server/server-reference-manifest.js +1 -1
  302. package/dashboard/.next/standalone/dashboard/.next/server/server-reference-manifest.json +1 -1
  303. package/dashboard/.next/standalone/dashboard/.next/static/chunks/1600063be806f47c.js +1 -0
  304. package/dashboard/.next/standalone/dashboard/.next/static/chunks/61aaa0c660c32b96.js +1 -0
  305. package/dashboard/.next/standalone/dashboard/.next/static/chunks/69074f4a9b09c31d.js +1 -0
  306. package/dashboard/.next/standalone/dashboard/.next/static/chunks/881477f5d01c1d9b.js +1 -0
  307. package/dashboard/.next/standalone/dashboard/.next/static/chunks/8eabb856fd0e50b7.js +1 -0
  308. package/dashboard/.next/standalone/dashboard/.next/static/chunks/98ae91e0a6f5d317.css +1 -0
  309. package/dashboard/.next/standalone/dashboard/.next/static/chunks/a95dbcc1842ad9d7.js +1 -0
  310. package/dashboard/.next/standalone/dashboard/.next/static/chunks/{4d0b86f6afedd8b5.js → b8eceefe44227149.js} +2 -2
  311. package/dashboard/.next/standalone/dashboard/.next/static/chunks/{f86a7ba98ba185c3.js → cfbc41857d998b74.js} +6 -6
  312. package/dashboard/.next/standalone/dashboard/.next/static/chunks/d2837977142371d5.js +1 -0
  313. package/dashboard/.next/standalone/dashboard/.next/static/chunks/de9f5ba8bc67d4d9.js +1 -0
  314. package/dashboard/.next/standalone/dashboard/.next/static/chunks/e8884e7f3b85fd0b.js +1 -0
  315. package/dashboard/.next/standalone/dashboard/node_modules/source-map/package.json +73 -0
  316. package/dashboard/.next/standalone/dashboard/node_modules/source-map-support/package.json +31 -0
  317. package/dashboard/.next/standalone/dashboard/package.json +8 -6
  318. package/dist/api/routes/memories.js +14 -1
  319. package/dist/defence/quarantine/review.js +29 -7
  320. package/dist/defence/trust/recall-filter.js +6 -2
  321. package/dist/defence/trust/source-scorer.js +5 -0
  322. package/dist/memory/consolidate.js +50 -18
  323. package/dist/memory/lifecycle.js +13 -0
  324. package/dist/memory/store.d.ts +1 -0
  325. package/dist/memory/store.js +73 -54
  326. package/package.json +1 -1
  327. package/scripts/lib/recall-defence.mjs +254 -0
  328. package/scripts/lib/save-memory.mjs +12 -3
  329. package/scripts/prompt-recall-hook.mjs +33 -0
  330. package/scripts/session-start-hook.mjs +36 -4
  331. package/dashboard/.next/standalone/dashboard/.next/server/chunks/ssr/9f1d4_lucide-react_dist_esm_icons_3a8e61d9._.js +0 -3
  332. package/dashboard/.next/standalone/dashboard/.next/server/chunks/ssr/[root-of-the-server]__7f43774d._.js +0 -3
  333. package/dashboard/.next/standalone/dashboard/.next/server/chunks/ssr/dashboard_11e120e8._.js +0 -3
  334. package/dashboard/.next/standalone/dashboard/.next/server/chunks/ssr/dashboard_2373e047._.js +0 -3
  335. package/dashboard/.next/standalone/dashboard/.next/server/chunks/ssr/dashboard_283c47c0._.js +0 -3
  336. package/dashboard/.next/standalone/dashboard/.next/server/chunks/ssr/dashboard_30ecb37e._.js +0 -3
  337. package/dashboard/.next/standalone/dashboard/.next/server/chunks/ssr/dashboard_5ccb6514._.js +0 -3
  338. package/dashboard/.next/standalone/dashboard/.next/server/chunks/ssr/dashboard_6999a855._.js +0 -3
  339. package/dashboard/.next/standalone/dashboard/.next/server/chunks/ssr/dashboard_c33b336f._.js +0 -3
  340. package/dashboard/.next/standalone/dashboard/.next/server/chunks/ssr/dashboard_src_44a9f72c._.js +0 -3
  341. package/dashboard/.next/standalone/dashboard/.next/server/chunks/ssr/dashboard_src_d191b6dc._.js +0 -3
  342. package/dashboard/.next/standalone/dashboard/.next/static/chunks/0fa2c109e0d6d832.js +0 -1
  343. package/dashboard/.next/standalone/dashboard/.next/static/chunks/1aba5ddfecdd0947.js +0 -1
  344. package/dashboard/.next/standalone/dashboard/.next/static/chunks/349dace3a1c9af01.js +0 -1
  345. package/dashboard/.next/standalone/dashboard/.next/static/chunks/3b671e7effc074d1.js +0 -1
  346. package/dashboard/.next/standalone/dashboard/.next/static/chunks/6aba18b7aac42ccd.js +0 -1
  347. package/dashboard/.next/standalone/dashboard/.next/static/chunks/75769fa28c7a2e99.js +0 -1
  348. package/dashboard/.next/standalone/dashboard/.next/static/chunks/8d4a0f601450b091.js +0 -1
  349. package/dashboard/.next/standalone/dashboard/.next/static/chunks/aee9601911b790ca.css +0 -1
  350. package/dashboard/.next/standalone/dashboard/.next/static/chunks/bcfaf98940462e7d.js +0 -1
  351. package/dashboard/.next/standalone/dashboard/.next/static/chunks/c55c1a1a956d2aff.js +0 -1
  352. /package/dashboard/.next/standalone/dashboard/.next/static/{bUb5MH6iktj_Ue6clRY9Y → _JsmCyMaqewdhBNXZu1me}/_buildManifest.js +0 -0
  353. /package/dashboard/.next/standalone/dashboard/.next/static/{bUb5MH6iktj_Ue6clRY9Y → _JsmCyMaqewdhBNXZu1me}/_clientMiddlewareManifest.json +0 -0
  354. /package/dashboard/.next/standalone/dashboard/.next/static/{bUb5MH6iktj_Ue6clRY9Y → _JsmCyMaqewdhBNXZu1me}/_ssgManifest.js +0 -0
  355. /package/dashboard/.next/standalone/{node_modules → dashboard/node_modules}/buffer-from/index.js +0 -0
  356. /package/dashboard/.next/standalone/{node_modules → dashboard/node_modules}/buffer-from/package.json +0 -0
  357. /package/dashboard/.next/standalone/{node_modules → dashboard/node_modules}/source-map/lib/array-set.js +0 -0
  358. /package/dashboard/.next/standalone/{node_modules → dashboard/node_modules}/source-map/lib/base64-vlq.js +0 -0
  359. /package/dashboard/.next/standalone/{node_modules → dashboard/node_modules}/source-map/lib/base64.js +0 -0
  360. /package/dashboard/.next/standalone/{node_modules → dashboard/node_modules}/source-map/lib/binary-search.js +0 -0
  361. /package/dashboard/.next/standalone/{node_modules → dashboard/node_modules}/source-map/lib/mapping-list.js +0 -0
  362. /package/dashboard/.next/standalone/{node_modules → dashboard/node_modules}/source-map/lib/quick-sort.js +0 -0
  363. /package/dashboard/.next/standalone/{node_modules → dashboard/node_modules}/source-map/lib/source-map-consumer.js +0 -0
  364. /package/dashboard/.next/standalone/{node_modules → dashboard/node_modules}/source-map/lib/source-map-generator.js +0 -0
  365. /package/dashboard/.next/standalone/{node_modules → dashboard/node_modules}/source-map/lib/source-node.js +0 -0
  366. /package/dashboard/.next/standalone/{node_modules → dashboard/node_modules}/source-map/lib/util.js +0 -0
  367. /package/dashboard/.next/standalone/{node_modules → dashboard/node_modules}/source-map/source-map.js +0 -0
  368. /package/dashboard/.next/standalone/{node_modules → dashboard/node_modules}/source-map-support/LICENSE.md +0 -0
  369. /package/dashboard/.next/standalone/{node_modules → dashboard/node_modules}/source-map-support/README.md +0 -0
  370. /package/dashboard/.next/standalone/{node_modules → dashboard/node_modules}/source-map-support/browser-source-map-support.js +0 -0
  371. /package/dashboard/.next/standalone/{node_modules → dashboard/node_modules}/source-map-support/register.js +0 -0
  372. /package/dashboard/.next/standalone/{node_modules → dashboard/node_modules}/source-map-support/source-map-support.js +0 -0
package/dist/memory/lifecycle.js CHANGED
@@ -26,6 +26,11 @@ import { activateMemory as spreadActivation } from './activation.js';
26
26
  import { jaccardSimilarity } from './similarity.js';
27
27
  import { emitMemoryAccessed, emitMemoryUpdated, persistEvent, } from '../api/events.js';
28
28
  import { createMemoryLink } from './links.js';
29
+ import { runDefencePipeline } from '../defence/index.js';
30
+ // Enrichment text is recall-query / caller-derived (attacker-influenced); scan
31
+ // it before persisting. Trust doesn't matter here (the row keeps its own) — we
32
+ // only act on the firewall verdict, so a low-trust web source is fine.
33
+ const ENRICH_SOURCE = { type: 'web', identifier: 'enrichment' };
29
34
  // Cyclic import — see header. getMemoryById/rowToMemory/getMemoriesByType
30
35
  // live in store.ts; MAX_CONTENT_SIZE is the per-memory content budget
31
36
  // that both truncateContent (store.ts) and enrichMemory (here) honour.
@@ -194,6 +199,14 @@ export function enrichMemory(memoryId, newContext, contextType = 'access') {
194
199
  if (newContent.length > MAX_CONTENT_SIZE - 500) {
195
200
  return { enriched: false, reason: 'Content size limit reached' };
196
201
  }
202
+ // DEFENCE: re-scan the merged content before persisting — the read-path
203
+ // analogue of mergeMemories. The appended text comes from a recall query /
204
+ // caller and could straddle an injection or credential into a clean stored
205
+ // row. Skip (don't poison) on a non-ALLOW verdict.
206
+ const defenceResult = runDefencePipeline(newContent, memory.title, ENRICH_SOURCE, undefined, memory.project ?? undefined);
207
+ if (defenceResult.firewall.result !== 'ALLOW') {
208
+ return { enriched: false, reason: `Enrichment blocked by defence: ${defenceResult.firewall.reason}` };
209
+ }
197
210
  // Update memory
198
211
  db.prepare(`
199
212
  UPDATE memories
package/dist/memory/store.d.ts CHANGED
@@ -7,6 +7,7 @@
7
7
  import { Memory, MemoryInput, MemoryType, MemoryConfig } from './types.js';
8
8
  import type { DefenceSource } from '../defence/types.js';
9
9
  export declare const MAX_CONTENT_SIZE: number;
10
+ export declare const UNATTRIBUTED_SOURCE: DefenceSource;
10
11
  /**
11
12
  * Get truncation info from the last addMemory call
12
13
  */
package/dist/memory/store.js CHANGED
@@ -32,6 +32,13 @@ import { createMemoryLink, detectRelationships } from './links.js';
32
32
  // Anti-bloat: Maximum content size per memory (10KB).
33
33
  // Exported because lifecycle.ts also enforces this budget inside enrichMemory.
34
34
  export const MAX_CONTENT_SIZE = 10 * 1024;
35
+ // Synthetic source for writes that arrive without an attributed DefenceSource
36
+ // (dashboard REST POST, bulk paths, etc). It MUST score strictly below the
37
+ // 0.5–0.7 auto-quarantine band (web = 0.3) so unattributed writes are SCANNED
38
+ // + stamped low-trust rather than admitted unscanned at trust 1.0 — but are not
39
+ // force-quarantined (which would make every source-less write throw). Closing
40
+ // the old `if (source)` defence-pipeline bypass.
41
+ export const UNATTRIBUTED_SOURCE = { type: 'web', identifier: 'unattributed' };
35
42
  // Track truncation info globally for the last addMemory call
36
43
  let lastTruncationInfo = null;
37
44
  /**
@@ -326,43 +333,46 @@ export function addMemory(input, config = DEFAULT_CONFIG, source) {
326
333
  });
327
334
  throw new MemoryBlockedError(`Rate limited: exceeded ${RATE_LIMIT_MAX} writes per minute`);
328
335
  }
329
- // DEFENCE PIPELINE: Scan content before storage
330
- let defenceResult = null;
331
- if (source) {
332
- defenceResult = runDefencePipeline(input.content, input.title, source, undefined, input.project);
333
- // Auto-quarantine sub-agent writes (trust 0.5–0.7)
334
- const trust = defenceResult.trust.score;
335
- if (defenceResult.allowed && trust >= 0.5 && trust < 0.7) {
336
- defenceResult.allowed = false;
337
- defenceResult.firewall.result = 'QUARANTINE';
338
- defenceResult.firewall.reason = `Sub-agent write (trust=${trust.toFixed(3)}) requires parent approval`;
339
- // Pipeline returned ALLOW so pipeline.ts didn't sync quarantine content.
340
- // Sync it now since we've overridden to QUARANTINE post-pipeline.
341
- if (isFeatureEnabled('cloud_sync'))
342
- try {
343
- const indicators = defenceResult.firewall.threatIndicators.map(t => typeof t === 'string' ? t : t.pattern ?? String(t));
344
- syncQuarantineToCloud({
345
- original_content: input.content,
346
- original_title: input.title,
347
- source_type: source.type,
348
- source_identifier: source.identifier,
349
- reason: defenceResult.firewall.reason,
350
- threat_indicators: indicators,
351
- anomaly_score: defenceResult.firewall.anomalyScore,
352
- firewall_result: defenceResult.firewall.result,
353
- project: input.project ?? null,
354
- sensitivity_level: defenceResult.sensitivity.level,
355
- });
356
- }
357
- catch {
358
- // Cloud sync must never affect local quarantine flow
359
- }
360
- }
361
- if (!defenceResult.allowed) {
362
- // Store in quarantine instead of memory
363
- quarantineMemory(input, source, defenceResult);
364
- throw new MemoryBlockedError(defenceResult.firewall.reason);
365
- }
336
+ // DEFENCE PIPELINE: Scan EVERY write before storage. Source-less writes get a
337
+ // conservative low-trust synthetic source (UNATTRIBUTED_SOURCE = web:0.3) so
338
+ // they are still scanned + stamped low-trust instead of admitted unscanned at
339
+ // trust 1.0 closing the old `if (source)` bypass. Rate-limiting stays gated
340
+ // on an explicit source (above) so bulk source-less/import writes aren't
341
+ // throttled by the shared synthetic key.
342
+ const effectiveSource = source ?? UNATTRIBUTED_SOURCE;
343
+ const defenceResult = runDefencePipeline(input.content, input.title, effectiveSource, undefined, input.project);
344
+ // Auto-quarantine sub-agent writes (trust 0.5–0.7)
345
+ const trust = defenceResult.trust.score;
346
+ if (defenceResult.allowed && trust >= 0.5 && trust < 0.7) {
347
+ defenceResult.allowed = false;
348
+ defenceResult.firewall.result = 'QUARANTINE';
349
+ defenceResult.firewall.reason = `Sub-agent write (trust=${trust.toFixed(3)}) requires parent approval`;
350
+ // Pipeline returned ALLOW so pipeline.ts didn't sync quarantine content.
351
+ // Sync it now since we've overridden to QUARANTINE post-pipeline.
352
+ if (isFeatureEnabled('cloud_sync'))
353
+ try {
354
+ const indicators = defenceResult.firewall.threatIndicators.map(t => typeof t === 'string' ? t : t.pattern ?? String(t));
355
+ syncQuarantineToCloud({
356
+ original_content: input.content,
357
+ original_title: input.title,
358
+ source_type: effectiveSource.type,
359
+ source_identifier: effectiveSource.identifier,
360
+ reason: defenceResult.firewall.reason,
361
+ threat_indicators: indicators,
362
+ anomaly_score: defenceResult.firewall.anomalyScore,
363
+ firewall_result: defenceResult.firewall.result,
364
+ project: input.project ?? null,
365
+ sensitivity_level: defenceResult.sensitivity.level,
366
+ });
367
+ }
368
+ catch {
369
+ // Cloud sync must never affect local quarantine flow
370
+ }
371
+ }
372
+ if (!defenceResult.allowed) {
373
+ // Store in quarantine instead of memory
374
+ quarantineMemory(input, effectiveSource, defenceResult);
375
+ throw new MemoryBlockedError(defenceResult.firewall.reason);
366
376
  }
367
377
  const db = getDatabase();
368
378
  // Calculate salience if not provided
@@ -377,7 +387,7 @@ export function addMemory(input, config = DEFAULT_CONFIG, source) {
377
387
  const scope = input.scope ??
378
388
  (detectGlobalPattern(input.content, category, tags) ? 'global' : 'project');
379
389
  const transferable = input.transferable ?? (scope === 'global' ? 1 : 0);
380
- const sourceDetails = inferSourceDetails({ ...input, tags }, source);
390
+ const sourceDetails = inferSourceDetails({ ...input, tags }, effectiveSource);
381
391
  const status = input.status ?? 'active';
382
392
  const pinned = input.pinned ? 1 : 0;
383
393
  const cloudExcluded = input.cloudExcluded ? 1 : 0;
@@ -400,14 +410,11 @@ export function addMemory(input, config = DEFAULT_CONFIG, source) {
400
410
  const insertedId = db.transaction(() => {
401
411
  const memoryUuid = randomUUID();
402
412
  const result = stmt.run(memoryUuid, type, category, input.title, truncationResult.content, input.project || null, JSON.stringify(tags), salience, JSON.stringify(input.metadata || {}), scope, transferable, status, pinned, input.reviewedBy ? new Date().toISOString() : null, input.reviewedBy ?? null, sourceDetails.sourceKind, sourceDetails.captureMethod, cloudExcluded, input.memoryPurpose || 'project', input.memoryScope || 'private');
403
- if (defenceResult) {
404
- db.prepare(`UPDATE memories SET trust_score = ?, sensitivity_level = ?, source = ? WHERE id = ?`)
405
- .run(defenceResult.trust.score, defenceResult.sensitivity.level, sourceDetails.sourceValue, result.lastInsertRowid);
406
- }
407
- else {
408
- db.prepare(`UPDATE memories SET source = ?, trust_score = COALESCE(trust_score, ?), sensitivity_level = COALESCE(sensitivity_level, ?) WHERE id = ?`)
409
- .run(sourceDetails.sourceValue, input.trustScore ?? 1.0, input.sensitivityLevel ?? 'INTERNAL', result.lastInsertRowid);
410
- }
413
+ // defenceResult is always set now (every write is scanned), so always stamp
414
+ // the pipeline's real trust + sensitivity alongside the resolved source
415
+ // no source-less branch can default to trust 1.0 / unscanned INTERNAL.
416
+ db.prepare(`UPDATE memories SET trust_score = ?, sensitivity_level = ?, source = ? WHERE id = ?`)
417
+ .run(defenceResult.trust.score, defenceResult.sensitivity.level, sourceDetails.sourceValue, result.lastInsertRowid);
411
418
  return result.lastInsertRowid;
412
419
  })();
413
420
  const memory = getMemoryById(insertedId);
@@ -454,14 +461,14 @@ export function addMemory(input, config = DEFAULT_CONFIG, source) {
454
461
  // Don't fail memory creation if linking fails
455
462
  console.error('[shieldcortex] Auto-link failed:', e);
456
463
  }
457
- // DEFENCE: Store fragmentation data for cross-memory payload detection
458
- if (source) {
459
- try {
460
- storeFragmentationData(memory.id, truncationResult.content);
461
- }
462
- catch (e) {
463
- console.warn('[shieldcortex] Fragmentation data storage failed:', e instanceof Error ? e.message : e);
464
- }
464
+ // DEFENCE: Store fragmentation data for cross-memory payload detection.
465
+ // Un-gated from `if (source)` so source-less writes also feed the temporal
466
+ // assembly corpus (a blind spot the write-bypass left).
467
+ try {
468
+ storeFragmentationData(memory.id, truncationResult.content);
469
+ }
470
+ catch (e) {
471
+ console.warn('[shieldcortex] Fragmentation data storage failed:', e instanceof Error ? e.message : e);
465
472
  }
466
473
  // SEMANTIC SEARCH: Generate embedding asynchronously (don't block INSERT)
467
474
  const memoryId = memory.id;
@@ -582,6 +589,18 @@ export function updateMemory(id, updates) {
582
589
  const existing = getMemoryById(id);
583
590
  if (!existing)
584
591
  return null;
592
+ // DEFENCE: re-scan when content/title changes — the UPDATE path is otherwise
593
+ // an unscanned write (reachable via remember-dedup + the dashboard PATCH).
594
+ // Mirror mergeMemories: fail closed on a non-ALLOW verdict so a poison content
595
+ // replace can't overwrite a clean row unchecked.
596
+ if (updates.content !== undefined || updates.title !== undefined) {
597
+ const scanContent = updates.content !== undefined ? updates.content : existing.content;
598
+ const scanTitle = updates.title !== undefined ? updates.title : existing.title;
599
+ const defenceResult = runDefencePipeline(scanContent, scanTitle, UNATTRIBUTED_SOURCE, undefined, existing.project ?? undefined);
600
+ if (defenceResult.firewall.result !== 'ALLOW') {
601
+ throw new MemoryBlockedError(defenceResult.firewall.reason);
602
+ }
603
+ }
585
604
  const fields = [];
586
605
  const values = [];
587
606
  if (updates.title !== undefined) {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "shieldcortex",
3
- "version": "4.34.0",
3
+ "version": "4.36.0",
4
4
  "description": "Trustworthy memory and security for AI agents. Recall debugging, review queue, OpenClaw session capture, and memory poisoning defence for Claude Code, Codex, OpenClaw, LangChain, and MCP agents.",
5
5
  "main": "dist/index.js",
6
6
  "types": "dist/index.d.ts",
package/scripts/lib/recall-defence.mjs ADDED
@@ -0,0 +1,254 @@
1
+ /**
2
+ * Recall-boundary defence shim (Feature #1).
3
+ *
4
+ * The read hooks (prompt-recall, session-start) used to inject recalled memory
5
+ * VERBATIM into the model prompt with no defence. This module sits between the
6
+ * SQL SELECT and the formatter: it filters rows by trust/sensitivity (via the
7
+ * dead-no-more filterByTrust) and re-scans surviving content for injection /
8
+ * credentials / encoded payloads, withholding (not deleting) anything bad so a
9
+ * poisoned or RESTRICTED row never reaches the model.
10
+ *
11
+ * `defendRecallRows` is PURE + dependency-injected so it unit-tests with no dist
12
+ * build and no DB. `loadRecallDefence` / `emitRecallAudit` (below) wire the real
13
+ * dist modules for the hooks and are exercised by the integration test.
14
+ */
15
+
16
+ import { dirname, resolve } from 'node:path';
17
+ import { fileURLToPath, pathToFileURL } from 'node:url';
18
+
19
+ const RESTRICTED_MARKER = '[REDACTED - RESTRICTED]';
20
+
21
+ let _recallDefenceCache = null;
22
+ let _recallDefenceCacheKey = null;
23
+
24
+ /**
25
+ * Lazy-load the built dist defence modules the read hooks need. Returns null if
26
+ * the dist build is missing/incomplete → the caller MUST fail OPEN (leave recall
27
+ * unchanged), because blanking recall in an un-built dev workspace would break
28
+ * the product. Imports only LEAF detector modules (never dist/defence/pipeline.js)
29
+ * to stay inside the hook's <500ms budget; caches across invocations.
30
+ *
31
+ * @param {string} [distRootOverride] test seam — point at an empty dir to assert fail-open.
32
+ */
33
+ export async function loadRecallDefence(distRootOverride) {
34
+ const here = dirname(fileURLToPath(import.meta.url));
35
+ const distRoot = distRootOverride ?? resolve(here, '..', '..', 'dist');
36
+ if (_recallDefenceCache && _recallDefenceCacheKey === distRoot) return _recallDefenceCache;
37
+
38
+ try {
39
+ const [trustMod, firewallMod, credMod, auditMod, initMod, sanitiseMod] = await Promise.all([
40
+ import(pathToFileURL(resolve(distRoot, 'defence', 'trust', 'recall-filter.js')).href),
41
+ import(pathToFileURL(resolve(distRoot, 'defence', 'firewall', 'index.js')).href),
42
+ import(pathToFileURL(resolve(distRoot, 'defence', 'credential-leak', 'index.js')).href),
43
+ import(pathToFileURL(resolve(distRoot, 'defence', 'audit', 'logger.js')).href),
44
+ import(pathToFileURL(resolve(distRoot, 'database', 'init.js')).href),
45
+ import(pathToFileURL(resolve(distRoot, 'defence', 'input-sanitisation', 'index.js')).href).catch(() => ({})),
46
+ ]);
47
+
48
+ if (
49
+ typeof trustMod.filterByTrust !== 'function' ||
50
+ typeof firewallMod.detectInstructions !== 'function' ||
51
+ typeof firewallMod.detectEncoding !== 'function' ||
52
+ typeof credMod.scanForCredentials !== 'function' ||
53
+ typeof auditMod.logAudit !== 'function' ||
54
+ typeof initMod.initDatabase !== 'function'
55
+ ) {
56
+ return null;
57
+ }
58
+
59
+ _recallDefenceCache = {
60
+ filterByTrust: trustMod.filterByTrust,
61
+ // Optional — strips zero-width/RTL/control bytes before scanning so a
62
+ // hidden injection can't dodge the regex detectors; defendRecallRows guards.
63
+ sanitiseInput: sanitiseMod.sanitiseInput,
64
+ detectInstructions: firewallMod.detectInstructions,
65
+ detectEncoding: firewallMod.detectEncoding,
66
+ // Optional — older dist builds may not export it; defendRecallRows guards.
67
+ detectMarkdownImageExfil: firewallMod.detectMarkdownImageExfil,
68
+ scanForCredentials: credMod.scanForCredentials,
69
+ logAudit: auditMod.logAudit,
70
+ initDatabase: initMod.initDatabase,
71
+ isDatabaseInitialized: initMod.isDatabaseInitialized,
72
+ getDatabase: initMod.getDatabase,
73
+ closeDatabase: initMod.closeDatabase,
74
+ };
75
+ _recallDefenceCacheKey = distRoot;
76
+ return _recallDefenceCache;
77
+ } catch {
78
+ return null;
79
+ }
80
+ }
81
+
82
+ /**
83
+ * Point the dist DB singleton (used by logAudit) at the hook's DB so withhold
84
+ * audit rows are visible across connections. Only needed when ≥1 row is withheld
85
+ * — keep it out of the common all-clear path. Best-effort.
86
+ */
87
+ export function ensureRecallAuditDb(defence, dbPath) {
88
+ if (!defence || !dbPath || dbPath === ':memory:') return;
89
+ try {
90
+ if (defence.isDatabaseInitialized && defence.isDatabaseInitialized()) {
91
+ const current = defence.getDatabase();
92
+ if (current && current.name === dbPath) return;
93
+ if (defence.closeDatabase) defence.closeDatabase();
94
+ }
95
+ defence.initDatabase(dbPath);
96
+ } catch {
97
+ // logAudit no-ops gracefully if the singleton isn't initialised.
98
+ }
99
+ }
100
+
101
+ /**
102
+ * Write a defence_audit row recording a withheld/redacted recall. Best-effort —
103
+ * never throws into the hook (a recall must not fail because audit failed).
104
+ */
105
+ export function emitRecallAudit(logAudit, { memoryId, action, layer, reason, project } = {}) {
106
+ try {
107
+ logAudit({
108
+ memory_id: typeof memoryId === 'number' ? memoryId : null,
109
+ project: project ?? null,
110
+ timestamp: new Date().toISOString(),
111
+ source_type: 'hook',
112
+ source_identifier: 'recall-defence',
113
+ trust_score: 0,
114
+ sensitivity_level: 'INTERNAL',
115
+ // No 'READ' firewall result exists; encode the withhold as BLOCK (dropped)
116
+ // / QUARANTINE (redacted) with the detail in `reason`.
117
+ firewall_result: action === 'redacted' ? 'QUARANTINE' : 'BLOCK',
118
+ anomaly_score: 0,
119
+ threat_indicators: JSON.stringify([`recall:${layer ?? 'unknown'}`]),
120
+ blocked_patterns: '[]',
121
+ reason: `recall-withheld: ${reason ?? layer ?? 'policy'}`,
122
+ fragmentation_score: null,
123
+ pipeline_duration_ms: 0,
124
+ });
125
+ } catch {
126
+ // best-effort
127
+ }
128
+ }
129
+
130
+ function parseMetadata(meta) {
131
+ if (meta == null) return {};
132
+ if (typeof meta === 'object') return meta;
133
+ if (typeof meta === 'string') {
134
+ try {
135
+ return JSON.parse(meta);
136
+ } catch {
137
+ return {};
138
+ }
139
+ }
140
+ return {};
141
+ }
142
+
143
+ /**
144
+ * Filter recalled rows through the trust/sensitivity + content defence layers.
145
+ *
146
+ * @param {Array<object>} rows raw recalled rows (better-sqlite3 rows — NOT mutated)
147
+ * @param {{ minTrust?: number, project?: string, reviewedPinnedBypass?: boolean }} opts
148
+ * @param {{ filterByTrust, detectInstructions, scanForCredentials, detectEncoding }} deps
149
+ * @returns {{ kept: object[], actions: Array<{id:any, action:'allowed'|'dropped'|'redacted', layer:string|null, reason:string|null}> }}
150
+ */
151
+ export function defendRecallRows(rows, opts = {}, deps) {
152
+ const minTrust = typeof opts.minTrust === 'number' ? opts.minTrust : 0;
153
+ const reviewedPinnedBypass = opts.reviewedPinnedBypass !== false; // default ON
154
+ const actions = [];
155
+
156
+ // Shallow copies — never mutate the better-sqlite3 rows (reused by the dedupe
157
+ // ring + telemetry). Coalesce undefined trust → 1.0 (column DEFAULT 1.0) so a
158
+ // legacy un-migrated row isn't dropped as trust 0 by filterByTrust.
159
+ const copies = rows.map((r) => ({
160
+ ...r,
161
+ trust_score: r.trust_score ?? 1.0,
162
+ metadata: parseMetadata(r.metadata),
163
+ }));
164
+
165
+ // Trust + sensitivity: drops quarantined/below-minTrust, redacts RESTRICTED.
166
+ const trusted = deps.filterByTrust(copies, minTrust, opts.project);
167
+ const trustedIds = new Set(trusted.map((r) => r.id));
168
+ for (const c of copies) {
169
+ if (!trustedIds.has(c.id)) {
170
+ actions.push({ id: c.id, action: 'dropped', layer: 'trust', reason: `trust<${minTrust} or quarantined` });
171
+ }
172
+ }
173
+
174
+ const kept = [];
175
+ for (const row of trusted) {
176
+ // Already redacted by the trust layer — keep the masked row, don't re-scan
177
+ // the marker.
178
+ if (row.content === RESTRICTED_MARKER) {
179
+ actions.push({ id: row.id, action: 'redacted', layer: 'restricted', reason: 'RESTRICTED content redacted on recall' });
180
+ kept.push(row);
181
+ continue;
182
+ }
183
+
184
+ // Reviewed/pinned bypass: a human-reviewed or pinned memory skips the
185
+ // content detectors (trust/RESTRICTED above still applied) so a legitimately
186
+ // reviewed security note isn't re-suppressed at read time.
187
+ if (reviewedPinnedBypass && (row.reviewed_at != null || row.pinned)) {
188
+ actions.push({ id: row.id, action: 'allowed', layer: 'bypass', reason: 'reviewed/pinned — content scan skipped' });
189
+ kept.push(row);
190
+ continue;
191
+ }
192
+
193
+ const content = typeof row.content === 'string' ? row.content : '';
194
+ // Sanitise (strip zero-width / RTL / control bytes) BEFORE scanning — the
195
+ // write path does this, so an injection hidden behind zero-width chars
196
+ // otherwise dodges the read-path regex detectors. Scan the sanitised form;
197
+ // the original (benign zero-width is harmless) is what gets injected.
198
+ const scanContent = deps.sanitiseInput ? (deps.sanitiseInput(content)?.sanitised ?? content) : content;
199
+
200
+ const instr = deps.detectInstructions(scanContent);
201
+ if (instr && instr.detected) {
202
+ actions.push({ id: row.id, action: 'dropped', layer: 'instruction', reason: `instruction:${(instr.patterns ?? []).join(',')}` });
203
+ continue;
204
+ }
205
+
206
+ // Mirror the WRITE path: drop only on a BLOCKING credential finding, not a
207
+ // warned/logged one. A benign high-entropy hash / cache key is stored
208
+ // (write blocks only on action==='blocked'), so recall must not be stricter
209
+ // or it silently withholds legitimate notes.
210
+ const cred = deps.scanForCredentials(scanContent);
211
+ const credBlocked = !!cred && Array.isArray(cred.findings) && cred.findings.some((f) => f && f.action === 'blocked');
212
+ if (credBlocked) {
213
+ const blocked = cred.findings.filter((f) => f && f.action === 'blocked');
214
+ actions.push({ id: row.id, action: 'dropped', layer: 'credential', reason: `credential:${blocked.length}` });
215
+ continue;
216
+ }
217
+
218
+ // Decode-and-rescan: a bare encoding flag is NOT a drop (base64 hashes are
219
+ // common) — only drop if a DECODED snippet itself trips a detector.
220
+ const enc = deps.detectEncoding(scanContent);
221
+ if (enc && enc.detected) {
222
+ let malicious = false;
223
+ for (const snippet of enc.decodedSnippets ?? []) {
224
+ const di = deps.detectInstructions(snippet);
225
+ const dc = deps.scanForCredentials(snippet);
226
+ const dcBlocked = !!dc && Array.isArray(dc.findings) && dc.findings.some((f) => f && f.action === 'blocked');
227
+ if ((di && di.detected) || dcBlocked) {
228
+ malicious = true;
229
+ break;
230
+ }
231
+ }
232
+ if (malicious) {
233
+ actions.push({ id: row.id, action: 'dropped', layer: 'encoding', reason: `encoding-payload:${(enc.encodingTypes ?? []).join(',')}` });
234
+ continue;
235
+ }
236
+ }
237
+
238
+ // Markdown-image exfil: a stored ![alt](url?d=<smuggled>) is a click-free
239
+ // data-leak shape the write firewall catches but the read path didn't.
240
+ // detectMarkdownImageExfil only flags data-bearing image URLs (low FP).
241
+ if (deps.detectMarkdownImageExfil) {
242
+ const mdImg = deps.detectMarkdownImageExfil(scanContent);
243
+ if (mdImg && mdImg.detected) {
244
+ actions.push({ id: row.id, action: 'dropped', layer: 'markdown-image-exfil', reason: `markdown-image-exfil:${(mdImg.urls ?? []).length}` });
245
+ continue;
246
+ }
247
+ }
248
+
249
+ actions.push({ id: row.id, action: 'allowed', layer: null, reason: null });
250
+ kept.push(row);
251
+ }
252
+
253
+ return { kept, actions };
254
+ }
package/scripts/lib/save-memory.mjs CHANGED
@@ -76,7 +76,11 @@ export async function saveAutoExtractedMemory(db, memory, project, opts = {}) {
76
76
  const decision = result.firewall.result;
77
77
 
78
78
  if (decision === 'ALLOW') {
79
- insertMemoryRow(db, memory, project, sourceIdentifier);
79
+ // Persist the COMPUTED trust + sensitivity from the scan — not the schema
80
+ // DEFAULT (trust 1.0 / INTERNAL). The INSERT used to omit these columns, so
81
+ // every hook-captured memory was over-trusted at 1.0, undercutting the
82
+ // recall shim's trust filter.
83
+ insertMemoryRow(db, memory, project, sourceIdentifier, result.trust?.score, result.sensitivity?.level);
80
84
  return;
81
85
  }
82
86
 
@@ -99,7 +103,7 @@ export async function saveAutoExtractedMemory(db, memory, project, opts = {}) {
99
103
 
100
104
  // ==================== Internal: writes ====================
101
105
 
102
- function insertMemoryRow(db, memory, project, sourceIdentifier) {
106
+ function insertMemoryRow(db, memory, project, sourceIdentifier, trustScore, sensitivityLevel) {
103
107
  const timestamp = new Date().toISOString();
104
108
 
105
109
  // Cross-call, CROSS-PATH exact-title dedup: the hook fires repeatedly (per
@@ -153,9 +157,10 @@ function insertMemoryRow(db, memory, project, sourceIdentifier) {
153
157
  INSERT INTO memories (
154
158
  uuid, title, content, type, category, salience, tags, project,
155
159
  memory_purpose, source, source_kind, capture_method,
160
+ trust_score, sensitivity_level,
156
161
  created_at, last_accessed
157
162
  )
158
- VALUES (?, ?, ?, 'short_term', ?, ?, ?, ?, ?, ?, 'hook', 'auto', ?, ?)
163
+ VALUES (?, ?, ?, 'short_term', ?, ?, ?, ?, ?, ?, 'hook', 'auto', ?, ?, ?, ?)
159
164
  `).run(
160
165
  randomUUID(),
161
166
  memory.title,
@@ -166,6 +171,10 @@ function insertMemoryRow(db, memory, project, sourceIdentifier) {
166
171
  project || null,
167
172
  memory.memoryPurpose ?? 'project',
168
173
  `hook:${sourceIdentifier}`,
174
+ // Computed by the scan above (hook source → 0.8). Fall back to the schema
175
+ // defaults only if the pipeline somehow returned no trust/sensitivity.
176
+ typeof trustScore === 'number' ? trustScore : 1.0,
177
+ sensitivityLevel ?? 'INTERNAL',
169
178
  timestamp,
170
179
  timestamp,
171
180
  );
package/scripts/prompt-recall-hook.mjs CHANGED
@@ -24,6 +24,7 @@ import { computeEffectiveSalience } from './lib/salience.mjs';
24
24
  import { writeRecallLog } from './lib/recall-log.mjs';
25
25
  import { recordHookInvocation } from './lib/telemetry.mjs';
26
26
  import { filterByRelevance, extractQueryTerms } from './lib/recall-relevance.mjs';
27
+ import { defendRecallRows, loadRecallDefence, ensureRecallAuditDb, emitRecallAudit } from './lib/recall-defence.mjs';
27
28
 
28
29
  // ==================== CONFIG ====================
29
30
 
@@ -135,6 +136,7 @@ function recallRelevant(db, project, prompt) {
135
136
  SELECT
136
137
  m.id, m.title, m.content, m.category, m.salience, fts.rank,
137
138
  m.pinned, m.access_count, m.last_accessed,
139
+ m.trust_score, m.sensitivity_level, m.metadata, m.reviewed_at,
138
140
  COALESCE(m.downvote_count, 0) AS downvote_count
139
141
  FROM memories m
140
142
  JOIN memories_fts fts ON m.id = fts.rowid
@@ -184,6 +186,7 @@ function recallRelevant(db, project, prompt) {
184
186
  SELECT
185
187
  id, title, content, category, salience,
186
188
  pinned, access_count, last_accessed,
189
+ trust_score, sensitivity_level, metadata, reviewed_at,
187
190
  COALESCE(downvote_count, 0) AS downvote_count
188
191
  FROM memories
189
192
  WHERE category = ?
@@ -517,6 +520,36 @@ process.stdin.on('end', async () => {
517
520
  }
518
521
  }
519
522
 
523
+ // ── RECALL-BOUNDARY DEFENCE (Feature #1) ─────────────────────────────
524
+ // Filter poisoned / RESTRICTED / credential-bearing rows OUT of the recalled
525
+ // set before they're formatted into the prompt. Runs after dedupe (acts on
526
+ // the final injected set) and before format + ring + telemetry (so those see
527
+ // only safe rows). FAIL-OPEN: a missing dist build leaves recall unchanged.
528
+ if (config.recallDefence !== false && memories.length > 0) {
529
+ try {
530
+ const defence = await loadRecallDefence();
531
+ if (defence) {
532
+ const minTrust = typeof config.recallDefenceMinTrust === 'number' ? config.recallDefenceMinTrust : 0;
533
+ const { kept: safe, actions } = defendRecallRows(memories, { minTrust, project }, defence);
534
+ const withheld = actions.filter((a) => a.action !== 'allowed');
535
+ if (withheld.length > 0) {
536
+ console.error(
537
+ `[shieldcortex] recall-defence withheld ${withheld.length} memory row(s): ` +
538
+ withheld.map((w) => `#${w.id}:${w.layer}`).join(', '),
539
+ );
540
+ // Only touch a writable audit connection when something was withheld.
541
+ ensureRecallAuditDb(defence, dbPath);
542
+ for (const a of withheld) {
543
+ emitRecallAudit(defence.logAudit, { memoryId: a.id, action: a.action, layer: a.layer, reason: a.reason, project });
544
+ }
545
+ }
546
+ memories = safe;
547
+ }
548
+ } catch (e) {
549
+ console.error('[shieldcortex] recall-defence skipped:', e?.message ?? e);
550
+ }
551
+ }
552
+
520
553
  const context = formatRecallContext(memories);
521
554
 
522
555
  // Update the session ring with the hashes of what we just injected.
package/scripts/session-start-hook.mjs CHANGED
@@ -25,6 +25,7 @@ import { homedir } from 'os';
25
25
  import { deriveProjectKey } from './lib/project-key.mjs';
26
26
  import { truncatePreservingWords } from './lib/truncate.mjs';
27
27
  import { orderByEffectiveSalience } from './lib/session-context.mjs';
28
+ import { defendRecallRows, loadRecallDefence, ensureRecallAuditDb, emitRecallAudit } from './lib/recall-defence.mjs';
28
29
 
29
30
  const NEW_DB_DIR = join(homedir(), '.shieldcortex');
30
31
  const LEGACY_DB_DIR = join(homedir(), '.claude-cortex');
@@ -94,7 +95,8 @@ function getProjectContext(db, project) {
94
95
  // computeEffectiveSalience.
95
96
  const candidates = db.prepare(`
96
97
  SELECT id, title, content, category, type, salience, tags, created_at,
97
- pinned, access_count, last_accessed, COALESCE(downvote_count, 0) AS downvote_count
98
+ pinned, access_count, last_accessed, trust_score, sensitivity_level, metadata, reviewed_at,
99
+ COALESCE(downvote_count, 0) AS downvote_count
98
100
  FROM memories
99
101
  WHERE (project = ? OR project IS NULL)
100
102
  AND salience >= ?
@@ -111,7 +113,8 @@ function getProjectContext(db, project) {
111
113
  const excludeIds = memories.map(m => m.id);
112
114
  const placeholders = excludeIds.length > 0 ? excludeIds.map(() => '?').join(',') : '0';
113
115
  const recent = db.prepare(`
114
- SELECT id, title, content, category, type, salience, tags, created_at
116
+ SELECT id, title, content, category, type, salience, tags, created_at,
117
+ pinned, trust_score, sensitivity_level, metadata, reviewed_at
115
118
  FROM memories
116
119
  WHERE (project = ? OR project IS NULL)
117
120
  AND id NOT IN (${placeholders})
@@ -208,7 +211,7 @@ process.stdin.on('readable', () => {
208
211
  }
209
212
  });
210
213
 
211
- process.stdin.on('end', () => {
214
+ process.stdin.on('end', async () => {
212
215
  try {
213
216
  const hookData = JSON.parse(input || '{}');
214
217
  const source = typeof hookData.source === 'string' ? hookData.source : 'startup';
@@ -239,8 +242,37 @@ process.stdin.on('end', () => {
239
242
  } else {
240
243
  const db = new Database(DB_PATH, { readonly: true, timeout: 5000 });
241
244
  memories = getProjectContext(db, project);
242
- context = formatContext(memories, project);
243
245
  db.close();
246
+
247
+ // ── RECALL-BOUNDARY DEFENCE (Feature #1) ───────────────────────────
248
+ // Same shim as prompt-recall: drop poisoned / RESTRICTED / credential
249
+ // rows from the session preamble before they're formatted. FAIL-OPEN if
250
+ // the dist build is missing (recall preamble unchanged).
251
+ if (config.recallDefence !== false && memories.length > 0) {
252
+ try {
253
+ const defence = await loadRecallDefence();
254
+ if (defence) {
255
+ const minTrust = typeof config.recallDefenceMinTrust === 'number' ? config.recallDefenceMinTrust : 0;
256
+ const { kept: safe, actions } = defendRecallRows(memories, { minTrust, project }, defence);
257
+ const withheld = actions.filter((a) => a.action !== 'allowed');
258
+ if (withheld.length > 0) {
259
+ console.error(
260
+ `[shieldcortex] recall-defence (session-start) withheld ${withheld.length} memory row(s): ` +
261
+ withheld.map((w) => `#${w.id}:${w.layer}`).join(', '),
262
+ );
263
+ ensureRecallAuditDb(defence, DB_PATH);
264
+ for (const a of withheld) {
265
+ emitRecallAudit(defence.logAudit, { memoryId: a.id, action: a.action, layer: a.layer, reason: a.reason, project });
266
+ }
267
+ }
268
+ memories = safe;
269
+ }
270
+ } catch (e) {
271
+ console.error('[shieldcortex] recall-defence skipped:', e?.message ?? e);
272
+ }
273
+ }
274
+
275
+ context = formatContext(memories, project);
244
276
  }
245
277
 
246
278
  if (context) {