shieldcortex 4.35.0 → 4.37.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (244) hide show
  1. package/dashboard/.next/standalone/dashboard/.next/BUILD_ID +1 -1
  2. package/dashboard/.next/standalone/dashboard/.next/build-manifest.json +2 -2
  3. package/dashboard/.next/standalone/dashboard/.next/server/app/_global-error.html +2 -2
  4. package/dashboard/.next/standalone/dashboard/.next/server/app/_global-error.rsc +1 -1
  5. package/dashboard/.next/standalone/dashboard/.next/server/app/_global-error.segments/__PAGE__.segment.rsc +1 -1
  6. package/dashboard/.next/standalone/dashboard/.next/server/app/_global-error.segments/_full.segment.rsc +1 -1
  7. package/dashboard/.next/standalone/dashboard/.next/server/app/_global-error.segments/_head.segment.rsc +1 -1
  8. package/dashboard/.next/standalone/dashboard/.next/server/app/_global-error.segments/_index.segment.rsc +1 -1
  9. package/dashboard/.next/standalone/dashboard/.next/server/app/_global-error.segments/_tree.segment.rsc +1 -1
  10. package/dashboard/.next/standalone/dashboard/.next/server/app/_not-found.html +1 -1
  11. package/dashboard/.next/standalone/dashboard/.next/server/app/_not-found.rsc +1 -1
  12. package/dashboard/.next/standalone/dashboard/.next/server/app/_not-found.segments/_full.segment.rsc +1 -1
  13. package/dashboard/.next/standalone/dashboard/.next/server/app/_not-found.segments/_head.segment.rsc +1 -1
  14. package/dashboard/.next/standalone/dashboard/.next/server/app/_not-found.segments/_index.segment.rsc +1 -1
  15. package/dashboard/.next/standalone/dashboard/.next/server/app/_not-found.segments/_not-found/__PAGE__.segment.rsc +1 -1
  16. package/dashboard/.next/standalone/dashboard/.next/server/app/_not-found.segments/_not-found.segment.rsc +1 -1
  17. package/dashboard/.next/standalone/dashboard/.next/server/app/_not-found.segments/_tree.segment.rsc +1 -1
  18. package/dashboard/.next/standalone/dashboard/.next/server/app/admin.html +1 -1
  19. package/dashboard/.next/standalone/dashboard/.next/server/app/admin.rsc +1 -1
  20. package/dashboard/.next/standalone/dashboard/.next/server/app/admin.segments/!KGRhc2hib2FyZCk/admin/__PAGE__.segment.rsc +1 -1
  21. package/dashboard/.next/standalone/dashboard/.next/server/app/admin.segments/!KGRhc2hib2FyZCk/admin.segment.rsc +1 -1
  22. package/dashboard/.next/standalone/dashboard/.next/server/app/admin.segments/!KGRhc2hib2FyZCk.segment.rsc +1 -1
  23. package/dashboard/.next/standalone/dashboard/.next/server/app/admin.segments/_full.segment.rsc +1 -1
  24. package/dashboard/.next/standalone/dashboard/.next/server/app/admin.segments/_head.segment.rsc +1 -1
  25. package/dashboard/.next/standalone/dashboard/.next/server/app/admin.segments/_index.segment.rsc +1 -1
  26. package/dashboard/.next/standalone/dashboard/.next/server/app/admin.segments/_tree.segment.rsc +1 -1
  27. package/dashboard/.next/standalone/dashboard/.next/server/app/cloud.html +1 -1
  28. package/dashboard/.next/standalone/dashboard/.next/server/app/cloud.rsc +1 -1
  29. package/dashboard/.next/standalone/dashboard/.next/server/app/cloud.segments/!KGRhc2hib2FyZCk/cloud/__PAGE__.segment.rsc +1 -1
  30. package/dashboard/.next/standalone/dashboard/.next/server/app/cloud.segments/!KGRhc2hib2FyZCk/cloud.segment.rsc +1 -1
  31. package/dashboard/.next/standalone/dashboard/.next/server/app/cloud.segments/!KGRhc2hib2FyZCk.segment.rsc +1 -1
  32. package/dashboard/.next/standalone/dashboard/.next/server/app/cloud.segments/_full.segment.rsc +1 -1
  33. package/dashboard/.next/standalone/dashboard/.next/server/app/cloud.segments/_head.segment.rsc +1 -1
  34. package/dashboard/.next/standalone/dashboard/.next/server/app/cloud.segments/_index.segment.rsc +1 -1
  35. package/dashboard/.next/standalone/dashboard/.next/server/app/cloud.segments/_tree.segment.rsc +1 -1
  36. package/dashboard/.next/standalone/dashboard/.next/server/app/index.html +1 -1
  37. package/dashboard/.next/standalone/dashboard/.next/server/app/index.rsc +1 -1
  38. package/dashboard/.next/standalone/dashboard/.next/server/app/index.segments/__PAGE__.segment.rsc +1 -1
  39. package/dashboard/.next/standalone/dashboard/.next/server/app/index.segments/_full.segment.rsc +1 -1
  40. package/dashboard/.next/standalone/dashboard/.next/server/app/index.segments/_head.segment.rsc +1 -1
  41. package/dashboard/.next/standalone/dashboard/.next/server/app/index.segments/_index.segment.rsc +1 -1
  42. package/dashboard/.next/standalone/dashboard/.next/server/app/index.segments/_tree.segment.rsc +1 -1
  43. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/capture.html +1 -1
  44. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/capture.rsc +1 -1
  45. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/capture.segments/!KGRhc2hib2FyZCk/memory/capture/__PAGE__.segment.rsc +1 -1
  46. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/capture.segments/!KGRhc2hib2FyZCk/memory/capture.segment.rsc +1 -1
  47. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/capture.segments/!KGRhc2hib2FyZCk/memory.segment.rsc +1 -1
  48. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/capture.segments/!KGRhc2hib2FyZCk.segment.rsc +1 -1
  49. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/capture.segments/_full.segment.rsc +1 -1
  50. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/capture.segments/_head.segment.rsc +1 -1
  51. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/capture.segments/_index.segment.rsc +1 -1
  52. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/capture.segments/_tree.segment.rsc +1 -1
  53. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/graph.html +1 -1
  54. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/graph.rsc +1 -1
  55. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/graph.segments/!KGRhc2hib2FyZCk/memory/graph/__PAGE__.segment.rsc +1 -1
  56. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/graph.segments/!KGRhc2hib2FyZCk/memory/graph.segment.rsc +1 -1
  57. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/graph.segments/!KGRhc2hib2FyZCk/memory.segment.rsc +1 -1
  58. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/graph.segments/!KGRhc2hib2FyZCk.segment.rsc +1 -1
  59. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/graph.segments/_full.segment.rsc +1 -1
  60. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/graph.segments/_head.segment.rsc +1 -1
  61. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/graph.segments/_index.segment.rsc +1 -1
  62. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/graph.segments/_tree.segment.rsc +1 -1
  63. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/recall.html +1 -1
  64. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/recall.rsc +1 -1
  65. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/recall.segments/!KGRhc2hib2FyZCk/memory/recall/__PAGE__.segment.rsc +1 -1
  66. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/recall.segments/!KGRhc2hib2FyZCk/memory/recall.segment.rsc +1 -1
  67. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/recall.segments/!KGRhc2hib2FyZCk/memory.segment.rsc +1 -1
  68. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/recall.segments/!KGRhc2hib2FyZCk.segment.rsc +1 -1
  69. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/recall.segments/_full.segment.rsc +1 -1
  70. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/recall.segments/_head.segment.rsc +1 -1
  71. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/recall.segments/_index.segment.rsc +1 -1
  72. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/recall.segments/_tree.segment.rsc +1 -1
  73. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/replay.html +1 -1
  74. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/replay.rsc +1 -1
  75. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/replay.segments/!KGRhc2hib2FyZCk/memory/replay/__PAGE__.segment.rsc +1 -1
  76. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/replay.segments/!KGRhc2hib2FyZCk/memory/replay.segment.rsc +1 -1
  77. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/replay.segments/!KGRhc2hib2FyZCk/memory.segment.rsc +1 -1
  78. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/replay.segments/!KGRhc2hib2FyZCk.segment.rsc +1 -1
  79. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/replay.segments/_full.segment.rsc +1 -1
  80. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/replay.segments/_head.segment.rsc +1 -1
  81. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/replay.segments/_index.segment.rsc +1 -1
  82. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/replay.segments/_tree.segment.rsc +1 -1
  83. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/review.html +1 -1
  84. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/review.rsc +1 -1
  85. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/review.segments/!KGRhc2hib2FyZCk/memory/review/__PAGE__.segment.rsc +1 -1
  86. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/review.segments/!KGRhc2hib2FyZCk/memory/review.segment.rsc +1 -1
  87. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/review.segments/!KGRhc2hib2FyZCk/memory.segment.rsc +1 -1
  88. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/review.segments/!KGRhc2hib2FyZCk.segment.rsc +1 -1
  89. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/review.segments/_full.segment.rsc +1 -1
  90. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/review.segments/_head.segment.rsc +1 -1
  91. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/review.segments/_index.segment.rsc +1 -1
  92. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/review.segments/_tree.segment.rsc +1 -1
  93. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/timeline.html +1 -1
  94. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/timeline.rsc +1 -1
  95. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/timeline.segments/!KGRhc2hib2FyZCk/memory/timeline/__PAGE__.segment.rsc +1 -1
  96. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/timeline.segments/!KGRhc2hib2FyZCk/memory/timeline.segment.rsc +1 -1
  97. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/timeline.segments/!KGRhc2hib2FyZCk/memory.segment.rsc +1 -1
  98. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/timeline.segments/!KGRhc2hib2FyZCk.segment.rsc +1 -1
  99. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/timeline.segments/_full.segment.rsc +1 -1
  100. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/timeline.segments/_head.segment.rsc +1 -1
  101. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/timeline.segments/_index.segment.rsc +1 -1
  102. package/dashboard/.next/standalone/dashboard/.next/server/app/memory/timeline.segments/_tree.segment.rsc +1 -1
  103. package/dashboard/.next/standalone/dashboard/.next/server/app/memory.html +1 -1
  104. package/dashboard/.next/standalone/dashboard/.next/server/app/memory.rsc +1 -1
  105. package/dashboard/.next/standalone/dashboard/.next/server/app/memory.segments/!KGRhc2hib2FyZCk/memory/__PAGE__.segment.rsc +1 -1
  106. package/dashboard/.next/standalone/dashboard/.next/server/app/memory.segments/!KGRhc2hib2FyZCk/memory.segment.rsc +1 -1
  107. package/dashboard/.next/standalone/dashboard/.next/server/app/memory.segments/!KGRhc2hib2FyZCk.segment.rsc +1 -1
  108. package/dashboard/.next/standalone/dashboard/.next/server/app/memory.segments/_full.segment.rsc +1 -1
  109. package/dashboard/.next/standalone/dashboard/.next/server/app/memory.segments/_head.segment.rsc +1 -1
  110. package/dashboard/.next/standalone/dashboard/.next/server/app/memory.segments/_index.segment.rsc +1 -1
  111. package/dashboard/.next/standalone/dashboard/.next/server/app/memory.segments/_tree.segment.rsc +1 -1
  112. package/dashboard/.next/standalone/dashboard/.next/server/app/overview.html +1 -1
  113. package/dashboard/.next/standalone/dashboard/.next/server/app/overview.rsc +1 -1
  114. package/dashboard/.next/standalone/dashboard/.next/server/app/overview.segments/!KGRhc2hib2FyZCk/overview/__PAGE__.segment.rsc +1 -1
  115. package/dashboard/.next/standalone/dashboard/.next/server/app/overview.segments/!KGRhc2hib2FyZCk/overview.segment.rsc +1 -1
  116. package/dashboard/.next/standalone/dashboard/.next/server/app/overview.segments/!KGRhc2hib2FyZCk.segment.rsc +1 -1
  117. package/dashboard/.next/standalone/dashboard/.next/server/app/overview.segments/_full.segment.rsc +1 -1
  118. package/dashboard/.next/standalone/dashboard/.next/server/app/overview.segments/_head.segment.rsc +1 -1
  119. package/dashboard/.next/standalone/dashboard/.next/server/app/overview.segments/_index.segment.rsc +1 -1
  120. package/dashboard/.next/standalone/dashboard/.next/server/app/overview.segments/_tree.segment.rsc +1 -1
  121. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/audit.html +1 -1
  122. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/audit.rsc +1 -1
  123. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/audit.segments/!KGRhc2hib2FyZCk/protection/audit/__PAGE__.segment.rsc +1 -1
  124. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/audit.segments/!KGRhc2hib2FyZCk/protection/audit.segment.rsc +1 -1
  125. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/audit.segments/!KGRhc2hib2FyZCk/protection.segment.rsc +1 -1
  126. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/audit.segments/!KGRhc2hib2FyZCk.segment.rsc +1 -1
  127. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/audit.segments/_full.segment.rsc +1 -1
  128. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/audit.segments/_head.segment.rsc +1 -1
  129. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/audit.segments/_index.segment.rsc +1 -1
  130. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/audit.segments/_tree.segment.rsc +1 -1
  131. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/intercepts.html +1 -1
  132. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/intercepts.rsc +1 -1
  133. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/intercepts.segments/!KGRhc2hib2FyZCk/protection/intercepts/__PAGE__.segment.rsc +1 -1
  134. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/intercepts.segments/!KGRhc2hib2FyZCk/protection/intercepts.segment.rsc +1 -1
  135. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/intercepts.segments/!KGRhc2hib2FyZCk/protection.segment.rsc +1 -1
  136. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/intercepts.segments/!KGRhc2hib2FyZCk.segment.rsc +1 -1
  137. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/intercepts.segments/_full.segment.rsc +1 -1
  138. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/intercepts.segments/_head.segment.rsc +1 -1
  139. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/intercepts.segments/_index.segment.rsc +1 -1
  140. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/intercepts.segments/_tree.segment.rsc +1 -1
  141. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/iron-dome.html +1 -1
  142. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/iron-dome.rsc +1 -1
  143. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/iron-dome.segments/!KGRhc2hib2FyZCk/protection/iron-dome/__PAGE__.segment.rsc +1 -1
  144. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/iron-dome.segments/!KGRhc2hib2FyZCk/protection/iron-dome.segment.rsc +1 -1
  145. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/iron-dome.segments/!KGRhc2hib2FyZCk/protection.segment.rsc +1 -1
  146. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/iron-dome.segments/!KGRhc2hib2FyZCk.segment.rsc +1 -1
  147. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/iron-dome.segments/_full.segment.rsc +1 -1
  148. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/iron-dome.segments/_head.segment.rsc +1 -1
  149. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/iron-dome.segments/_index.segment.rsc +1 -1
  150. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/iron-dome.segments/_tree.segment.rsc +1 -1
  151. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/policies.html +1 -1
  152. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/policies.rsc +1 -1
  153. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/policies.segments/!KGRhc2hib2FyZCk/protection/policies/__PAGE__.segment.rsc +1 -1
  154. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/policies.segments/!KGRhc2hib2FyZCk/protection/policies.segment.rsc +1 -1
  155. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/policies.segments/!KGRhc2hib2FyZCk/protection.segment.rsc +1 -1
  156. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/policies.segments/!KGRhc2hib2FyZCk.segment.rsc +1 -1
  157. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/policies.segments/_full.segment.rsc +1 -1
  158. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/policies.segments/_head.segment.rsc +1 -1
  159. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/policies.segments/_index.segment.rsc +1 -1
  160. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/policies.segments/_tree.segment.rsc +1 -1
  161. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/quarantine.html +1 -1
  162. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/quarantine.rsc +1 -1
  163. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/quarantine.segments/!KGRhc2hib2FyZCk/protection/quarantine/__PAGE__.segment.rsc +1 -1
  164. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/quarantine.segments/!KGRhc2hib2FyZCk/protection/quarantine.segment.rsc +1 -1
  165. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/quarantine.segments/!KGRhc2hib2FyZCk/protection.segment.rsc +1 -1
  166. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/quarantine.segments/!KGRhc2hib2FyZCk.segment.rsc +1 -1
  167. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/quarantine.segments/_full.segment.rsc +1 -1
  168. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/quarantine.segments/_head.segment.rsc +1 -1
  169. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/quarantine.segments/_index.segment.rsc +1 -1
  170. package/dashboard/.next/standalone/dashboard/.next/server/app/protection/quarantine.segments/_tree.segment.rsc +1 -1
  171. package/dashboard/.next/standalone/dashboard/.next/server/app/protection.html +1 -1
  172. package/dashboard/.next/standalone/dashboard/.next/server/app/protection.rsc +1 -1
  173. package/dashboard/.next/standalone/dashboard/.next/server/app/protection.segments/!KGRhc2hib2FyZCk/protection/__PAGE__.segment.rsc +1 -1
  174. package/dashboard/.next/standalone/dashboard/.next/server/app/protection.segments/!KGRhc2hib2FyZCk/protection.segment.rsc +1 -1
  175. package/dashboard/.next/standalone/dashboard/.next/server/app/protection.segments/!KGRhc2hib2FyZCk.segment.rsc +1 -1
  176. package/dashboard/.next/standalone/dashboard/.next/server/app/protection.segments/_full.segment.rsc +1 -1
  177. package/dashboard/.next/standalone/dashboard/.next/server/app/protection.segments/_head.segment.rsc +1 -1
  178. package/dashboard/.next/standalone/dashboard/.next/server/app/protection.segments/_index.segment.rsc +1 -1
  179. package/dashboard/.next/standalone/dashboard/.next/server/app/protection.segments/_tree.segment.rsc +1 -1
  180. package/dashboard/.next/standalone/dashboard/.next/server/app/settings.html +1 -1
  181. package/dashboard/.next/standalone/dashboard/.next/server/app/settings.rsc +1 -1
  182. package/dashboard/.next/standalone/dashboard/.next/server/app/settings.segments/!KGRhc2hib2FyZCk/settings/__PAGE__.segment.rsc +1 -1
  183. package/dashboard/.next/standalone/dashboard/.next/server/app/settings.segments/!KGRhc2hib2FyZCk/settings.segment.rsc +1 -1
  184. package/dashboard/.next/standalone/dashboard/.next/server/app/settings.segments/!KGRhc2hib2FyZCk.segment.rsc +1 -1
  185. package/dashboard/.next/standalone/dashboard/.next/server/app/settings.segments/_full.segment.rsc +1 -1
  186. package/dashboard/.next/standalone/dashboard/.next/server/app/settings.segments/_head.segment.rsc +1 -1
  187. package/dashboard/.next/standalone/dashboard/.next/server/app/settings.segments/_index.segment.rsc +1 -1
  188. package/dashboard/.next/standalone/dashboard/.next/server/app/settings.segments/_tree.segment.rsc +1 -1
  189. package/dashboard/.next/standalone/dashboard/.next/server/app/supply-chain/xray.html +1 -1
  190. package/dashboard/.next/standalone/dashboard/.next/server/app/supply-chain/xray.rsc +1 -1
  191. package/dashboard/.next/standalone/dashboard/.next/server/app/supply-chain/xray.segments/!KGRhc2hib2FyZCk/supply-chain/xray/__PAGE__.segment.rsc +1 -1
  192. package/dashboard/.next/standalone/dashboard/.next/server/app/supply-chain/xray.segments/!KGRhc2hib2FyZCk/supply-chain/xray.segment.rsc +1 -1
  193. package/dashboard/.next/standalone/dashboard/.next/server/app/supply-chain/xray.segments/!KGRhc2hib2FyZCk/supply-chain.segment.rsc +1 -1
  194. package/dashboard/.next/standalone/dashboard/.next/server/app/supply-chain/xray.segments/!KGRhc2hib2FyZCk.segment.rsc +1 -1
  195. package/dashboard/.next/standalone/dashboard/.next/server/app/supply-chain/xray.segments/_full.segment.rsc +1 -1
  196. package/dashboard/.next/standalone/dashboard/.next/server/app/supply-chain/xray.segments/_head.segment.rsc +1 -1
  197. package/dashboard/.next/standalone/dashboard/.next/server/app/supply-chain/xray.segments/_index.segment.rsc +1 -1
  198. package/dashboard/.next/standalone/dashboard/.next/server/app/supply-chain/xray.segments/_tree.segment.rsc +1 -1
  199. package/dashboard/.next/standalone/dashboard/.next/server/app/supply-chain.html +1 -1
  200. package/dashboard/.next/standalone/dashboard/.next/server/app/supply-chain.rsc +1 -1
  201. package/dashboard/.next/standalone/dashboard/.next/server/app/supply-chain.segments/!KGRhc2hib2FyZCk/supply-chain/__PAGE__.segment.rsc +1 -1
  202. package/dashboard/.next/standalone/dashboard/.next/server/app/supply-chain.segments/!KGRhc2hib2FyZCk/supply-chain.segment.rsc +1 -1
  203. package/dashboard/.next/standalone/dashboard/.next/server/app/supply-chain.segments/!KGRhc2hib2FyZCk.segment.rsc +1 -1
  204. package/dashboard/.next/standalone/dashboard/.next/server/app/supply-chain.segments/_full.segment.rsc +1 -1
  205. package/dashboard/.next/standalone/dashboard/.next/server/app/supply-chain.segments/_head.segment.rsc +1 -1
  206. package/dashboard/.next/standalone/dashboard/.next/server/app/supply-chain.segments/_index.segment.rsc +1 -1
  207. package/dashboard/.next/standalone/dashboard/.next/server/app/supply-chain.segments/_tree.segment.rsc +1 -1
  208. package/dashboard/.next/standalone/dashboard/.next/server/app/xray.html +1 -1
  209. package/dashboard/.next/standalone/dashboard/.next/server/app/xray.rsc +1 -1
  210. package/dashboard/.next/standalone/dashboard/.next/server/app/xray.segments/!KGRhc2hib2FyZCk/xray/__PAGE__.segment.rsc +1 -1
  211. package/dashboard/.next/standalone/dashboard/.next/server/app/xray.segments/!KGRhc2hib2FyZCk/xray.segment.rsc +1 -1
  212. package/dashboard/.next/standalone/dashboard/.next/server/app/xray.segments/!KGRhc2hib2FyZCk.segment.rsc +1 -1
  213. package/dashboard/.next/standalone/dashboard/.next/server/app/xray.segments/_full.segment.rsc +1 -1
  214. package/dashboard/.next/standalone/dashboard/.next/server/app/xray.segments/_head.segment.rsc +1 -1
  215. package/dashboard/.next/standalone/dashboard/.next/server/app/xray.segments/_index.segment.rsc +1 -1
  216. package/dashboard/.next/standalone/dashboard/.next/server/app/xray.segments/_tree.segment.rsc +1 -1
  217. package/dashboard/.next/standalone/dashboard/.next/server/pages/404.html +1 -1
  218. package/dashboard/.next/standalone/dashboard/.next/server/pages/500.html +2 -2
  219. package/dist/api/routes/memories.js +14 -1
  220. package/dist/cloud/cli.js +26 -1
  221. package/dist/defence/firewall/markdown-image-detector.d.ts +15 -0
  222. package/dist/defence/firewall/markdown-image-detector.js +30 -0
  223. package/dist/defence/quarantine/review.js +29 -7
  224. package/dist/defence/tool-response-enforce.d.ts +57 -0
  225. package/dist/defence/tool-response-enforce.js +107 -0
  226. package/dist/defence/tool-response-scanner.d.ts +6 -3
  227. package/dist/defence/tool-response-scanner.js +56 -6
  228. package/dist/defence/trust/recall-filter.js +6 -2
  229. package/dist/defence/trust/source-scorer.js +5 -0
  230. package/dist/defence/types.d.ts +9 -0
  231. package/dist/memory/consolidate.js +50 -18
  232. package/dist/memory/lifecycle.js +13 -0
  233. package/dist/memory/store.d.ts +1 -0
  234. package/dist/memory/store.js +73 -54
  235. package/dist/server.d.ts +6 -0
  236. package/dist/server.js +52 -2
  237. package/package.json +1 -1
  238. package/scripts/lib/recall-defence.mjs +254 -0
  239. package/scripts/lib/save-memory.mjs +12 -3
  240. package/scripts/prompt-recall-hook.mjs +33 -0
  241. package/scripts/session-start-hook.mjs +36 -4
  242. /package/dashboard/.next/standalone/dashboard/.next/static/{h2qG7AvaXDfMKQrI-bK4V → Xdk3QuQEKommHIbMSem56}/_buildManifest.js +0 -0
  243. /package/dashboard/.next/standalone/dashboard/.next/static/{h2qG7AvaXDfMKQrI-bK4V → Xdk3QuQEKommHIbMSem56}/_clientMiddlewareManifest.json +0 -0
  244. /package/dashboard/.next/standalone/dashboard/.next/static/{h2qG7AvaXDfMKQrI-bK4V → Xdk3QuQEKommHIbMSem56}/_ssgManifest.js +0 -0
package/dist/memory/consolidate.js CHANGED
@@ -408,16 +408,26 @@ export function clusterAndSummarise(options) {
408
408
  bestCount = count;
409
409
  }
410
410
  }
411
- addMemory({
412
- type: 'long_term',
413
- category: category,
414
- title: summaryTitle,
415
- content: summaryContent,
416
- project: bestProject || undefined,
417
- tags: ['auto-summary'],
418
- salience: 0.6,
419
- });
420
- summariesCreated++;
411
+ try {
412
+ addMemory({
413
+ type: 'long_term',
414
+ category: category,
415
+ title: summaryTitle,
416
+ content: summaryContent,
417
+ project: bestProject || undefined,
418
+ tags: ['auto-summary'],
419
+ salience: 0.6,
420
+ }, undefined,
421
+ // System-generated consolidation summary — honest cli provenance
422
+ // (trust 0.9, above the auto-quarantine band so it isn't held).
423
+ { type: 'cli', identifier: 'consolidate:summary' });
424
+ summariesCreated++;
425
+ }
426
+ catch {
427
+ // A summary whose content trips the (now-unconditional) defence scan
428
+ // must NOT abort the whole consolidation transaction — skip it, like the
429
+ // per-row guard in importMemories.
430
+ }
421
431
  }
422
432
  return { clusters, summariesCreated };
423
433
  });
@@ -800,22 +810,44 @@ export function exportMemories(project) {
800
810
  * Import memories from JSON
801
811
  */
802
812
  export function importMemories(json) {
803
- // Wrap in transaction for atomic import
813
+ // Wrap in transaction for atomic import. addMemory opens its own nested
814
+ // transaction (better-sqlite3 SAVEPOINT), so a per-row block rolls back only
815
+ // that row and the clean rows still commit.
804
816
  return withTransaction(() => {
805
- const db = getDatabase();
806
817
  const memories = JSON.parse(json);
807
- const stmt = db.prepare(`
808
- INSERT INTO memories (type, category, title, content, project, tags, salience, metadata)
809
- VALUES (?, ?, ?, ?, ?, ?, ?, ?)
810
- `);
818
+ // SELECT * exports store tags/metadata as JSON TEXT — parse back to the
819
+ // array/object shapes addMemory expects.
820
+ const parseJsonField = (value, fallback) => {
821
+ if (typeof value !== 'string')
822
+ return value ?? fallback;
823
+ try {
824
+ return JSON.parse(value);
825
+ }
826
+ catch {
827
+ return fallback;
828
+ }
829
+ };
811
830
  let imported = 0;
812
831
  for (const memory of memories) {
813
832
  try {
814
- stmt.run(memory.type, memory.category, memory.title, memory.content, memory.project || null, memory.tags || '[]', memory.salience || 0.5, memory.metadata || '{}');
833
+ // Route every imported row through the defence pipeline + attribute it
834
+ // to file:import (trust 0.4 — below the auto-quarantine band). Closes
835
+ // the raw-INSERT bypass that admitted unscanned rows at trust 1.0 /
836
+ // 'user:direct'. The pipeline BLOCKs poisoned rows (caught below).
837
+ addMemory({
838
+ type: memory.type,
839
+ category: memory.category,
840
+ title: String(memory.title ?? ''),
841
+ content: String(memory.content ?? ''),
842
+ project: typeof memory.project === 'string' ? memory.project : undefined,
843
+ tags: parseJsonField(memory.tags, []),
844
+ salience: typeof memory.salience === 'number' ? memory.salience : 0.5,
845
+ metadata: parseJsonField(memory.metadata, {}),
846
+ }, DEFAULT_CONFIG, { type: 'file', identifier: 'import' });
815
847
  imported++;
816
848
  }
817
849
  catch {
818
- // Skip duplicates or invalid entries
850
+ // Skip rows the defence pipeline blocks (poisoned), or invalid entries.
819
851
  }
820
852
  }
821
853
  return imported;
package/dist/memory/lifecycle.js CHANGED
@@ -26,6 +26,11 @@ import { activateMemory as spreadActivation } from './activation.js';
26
26
  import { jaccardSimilarity } from './similarity.js';
27
27
  import { emitMemoryAccessed, emitMemoryUpdated, persistEvent, } from '../api/events.js';
28
28
  import { createMemoryLink } from './links.js';
29
+ import { runDefencePipeline } from '../defence/index.js';
30
+ // Enrichment text is recall-query / caller-derived (attacker-influenced); scan
31
+ // it before persisting. Trust doesn't matter here (the row keeps its own) — we
32
+ // only act on the firewall verdict, so a low-trust web source is fine.
33
+ const ENRICH_SOURCE = { type: 'web', identifier: 'enrichment' };
29
34
  // Cyclic import — see header. getMemoryById/rowToMemory/getMemoriesByType
30
35
  // live in store.ts; MAX_CONTENT_SIZE is the per-memory content budget
31
36
  // that both truncateContent (store.ts) and enrichMemory (here) honour.
@@ -194,6 +199,14 @@ export function enrichMemory(memoryId, newContext, contextType = 'access') {
194
199
  if (newContent.length > MAX_CONTENT_SIZE - 500) {
195
200
  return { enriched: false, reason: 'Content size limit reached' };
196
201
  }
202
+ // DEFENCE: re-scan the merged content before persisting — the read-path
203
+ // analogue of mergeMemories. The appended text comes from a recall query /
204
+ // caller and could straddle an injection or credential into a clean stored
205
+ // row. Skip (don't poison) on a non-ALLOW verdict.
206
+ const defenceResult = runDefencePipeline(newContent, memory.title, ENRICH_SOURCE, undefined, memory.project ?? undefined);
207
+ if (defenceResult.firewall.result !== 'ALLOW') {
208
+ return { enriched: false, reason: `Enrichment blocked by defence: ${defenceResult.firewall.reason}` };
209
+ }
197
210
  // Update memory
198
211
  db.prepare(`
199
212
  UPDATE memories
package/dist/memory/store.d.ts CHANGED
@@ -7,6 +7,7 @@
7
7
  import { Memory, MemoryInput, MemoryType, MemoryConfig } from './types.js';
8
8
  import type { DefenceSource } from '../defence/types.js';
9
9
  export declare const MAX_CONTENT_SIZE: number;
10
+ export declare const UNATTRIBUTED_SOURCE: DefenceSource;
10
11
  /**
11
12
  * Get truncation info from the last addMemory call
12
13
  */
package/dist/memory/store.js CHANGED
@@ -32,6 +32,13 @@ import { createMemoryLink, detectRelationships } from './links.js';
32
32
  // Anti-bloat: Maximum content size per memory (10KB).
33
33
  // Exported because lifecycle.ts also enforces this budget inside enrichMemory.
34
34
  export const MAX_CONTENT_SIZE = 10 * 1024;
35
+ // Synthetic source for writes that arrive without an attributed DefenceSource
36
+ // (dashboard REST POST, bulk paths, etc). It MUST score strictly below the
37
+ // 0.5–0.7 auto-quarantine band (web = 0.3) so unattributed writes are SCANNED
38
+ // + stamped low-trust rather than admitted unscanned at trust 1.0 — but are not
39
+ // force-quarantined (which would make every source-less write throw). Closing
40
+ // the old `if (source)` defence-pipeline bypass.
41
+ export const UNATTRIBUTED_SOURCE = { type: 'web', identifier: 'unattributed' };
35
42
  // Track truncation info globally for the last addMemory call
36
43
  let lastTruncationInfo = null;
37
44
  /**
@@ -326,43 +333,46 @@ export function addMemory(input, config = DEFAULT_CONFIG, source) {
326
333
  });
327
334
  throw new MemoryBlockedError(`Rate limited: exceeded ${RATE_LIMIT_MAX} writes per minute`);
328
335
  }
329
- // DEFENCE PIPELINE: Scan content before storage
330
- let defenceResult = null;
331
- if (source) {
332
- defenceResult = runDefencePipeline(input.content, input.title, source, undefined, input.project);
333
- // Auto-quarantine sub-agent writes (trust 0.5–0.7)
334
- const trust = defenceResult.trust.score;
335
- if (defenceResult.allowed && trust >= 0.5 && trust < 0.7) {
336
- defenceResult.allowed = false;
337
- defenceResult.firewall.result = 'QUARANTINE';
338
- defenceResult.firewall.reason = `Sub-agent write (trust=${trust.toFixed(3)}) requires parent approval`;
339
- // Pipeline returned ALLOW so pipeline.ts didn't sync quarantine content.
340
- // Sync it now since we've overridden to QUARANTINE post-pipeline.
341
- if (isFeatureEnabled('cloud_sync'))
342
- try {
343
- const indicators = defenceResult.firewall.threatIndicators.map(t => typeof t === 'string' ? t : t.pattern ?? String(t));
344
- syncQuarantineToCloud({
345
- original_content: input.content,
346
- original_title: input.title,
347
- source_type: source.type,
348
- source_identifier: source.identifier,
349
- reason: defenceResult.firewall.reason,
350
- threat_indicators: indicators,
351
- anomaly_score: defenceResult.firewall.anomalyScore,
352
- firewall_result: defenceResult.firewall.result,
353
- project: input.project ?? null,
354
- sensitivity_level: defenceResult.sensitivity.level,
355
- });
356
- }
357
- catch {
358
- // Cloud sync must never affect local quarantine flow
359
- }
360
- }
361
- if (!defenceResult.allowed) {
362
- // Store in quarantine instead of memory
363
- quarantineMemory(input, source, defenceResult);
364
- throw new MemoryBlockedError(defenceResult.firewall.reason);
365
- }
336
+ // DEFENCE PIPELINE: Scan EVERY write before storage. Source-less writes get a
337
+ // conservative low-trust synthetic source (UNATTRIBUTED_SOURCE = web:0.3) so
338
+ // they are still scanned + stamped low-trust instead of admitted unscanned at
339
+ // trust 1.0 closing the old `if (source)` bypass. Rate-limiting stays gated
340
+ // on an explicit source (above) so bulk source-less/import writes aren't
341
+ // throttled by the shared synthetic key.
342
+ const effectiveSource = source ?? UNATTRIBUTED_SOURCE;
343
+ const defenceResult = runDefencePipeline(input.content, input.title, effectiveSource, undefined, input.project);
344
+ // Auto-quarantine sub-agent writes (trust 0.5–0.7)
345
+ const trust = defenceResult.trust.score;
346
+ if (defenceResult.allowed && trust >= 0.5 && trust < 0.7) {
347
+ defenceResult.allowed = false;
348
+ defenceResult.firewall.result = 'QUARANTINE';
349
+ defenceResult.firewall.reason = `Sub-agent write (trust=${trust.toFixed(3)}) requires parent approval`;
350
+ // Pipeline returned ALLOW so pipeline.ts didn't sync quarantine content.
351
+ // Sync it now since we've overridden to QUARANTINE post-pipeline.
352
+ if (isFeatureEnabled('cloud_sync'))
353
+ try {
354
+ const indicators = defenceResult.firewall.threatIndicators.map(t => typeof t === 'string' ? t : t.pattern ?? String(t));
355
+ syncQuarantineToCloud({
356
+ original_content: input.content,
357
+ original_title: input.title,
358
+ source_type: effectiveSource.type,
359
+ source_identifier: effectiveSource.identifier,
360
+ reason: defenceResult.firewall.reason,
361
+ threat_indicators: indicators,
362
+ anomaly_score: defenceResult.firewall.anomalyScore,
363
+ firewall_result: defenceResult.firewall.result,
364
+ project: input.project ?? null,
365
+ sensitivity_level: defenceResult.sensitivity.level,
366
+ });
367
+ }
368
+ catch {
369
+ // Cloud sync must never affect local quarantine flow
370
+ }
371
+ }
372
+ if (!defenceResult.allowed) {
373
+ // Store in quarantine instead of memory
374
+ quarantineMemory(input, effectiveSource, defenceResult);
375
+ throw new MemoryBlockedError(defenceResult.firewall.reason);
366
376
  }
367
377
  const db = getDatabase();
368
378
  // Calculate salience if not provided
@@ -377,7 +387,7 @@ export function addMemory(input, config = DEFAULT_CONFIG, source) {
377
387
  const scope = input.scope ??
378
388
  (detectGlobalPattern(input.content, category, tags) ? 'global' : 'project');
379
389
  const transferable = input.transferable ?? (scope === 'global' ? 1 : 0);
380
- const sourceDetails = inferSourceDetails({ ...input, tags }, source);
390
+ const sourceDetails = inferSourceDetails({ ...input, tags }, effectiveSource);
381
391
  const status = input.status ?? 'active';
382
392
  const pinned = input.pinned ? 1 : 0;
383
393
  const cloudExcluded = input.cloudExcluded ? 1 : 0;
@@ -400,14 +410,11 @@ export function addMemory(input, config = DEFAULT_CONFIG, source) {
400
410
  const insertedId = db.transaction(() => {
401
411
  const memoryUuid = randomUUID();
402
412
  const result = stmt.run(memoryUuid, type, category, input.title, truncationResult.content, input.project || null, JSON.stringify(tags), salience, JSON.stringify(input.metadata || {}), scope, transferable, status, pinned, input.reviewedBy ? new Date().toISOString() : null, input.reviewedBy ?? null, sourceDetails.sourceKind, sourceDetails.captureMethod, cloudExcluded, input.memoryPurpose || 'project', input.memoryScope || 'private');
403
- if (defenceResult) {
404
- db.prepare(`UPDATE memories SET trust_score = ?, sensitivity_level = ?, source = ? WHERE id = ?`)
405
- .run(defenceResult.trust.score, defenceResult.sensitivity.level, sourceDetails.sourceValue, result.lastInsertRowid);
406
- }
407
- else {
408
- db.prepare(`UPDATE memories SET source = ?, trust_score = COALESCE(trust_score, ?), sensitivity_level = COALESCE(sensitivity_level, ?) WHERE id = ?`)
409
- .run(sourceDetails.sourceValue, input.trustScore ?? 1.0, input.sensitivityLevel ?? 'INTERNAL', result.lastInsertRowid);
410
- }
413
+ // defenceResult is always set now (every write is scanned), so always stamp
414
+ // the pipeline's real trust + sensitivity alongside the resolved source
415
+ // no source-less branch can default to trust 1.0 / unscanned INTERNAL.
416
+ db.prepare(`UPDATE memories SET trust_score = ?, sensitivity_level = ?, source = ? WHERE id = ?`)
417
+ .run(defenceResult.trust.score, defenceResult.sensitivity.level, sourceDetails.sourceValue, result.lastInsertRowid);
411
418
  return result.lastInsertRowid;
412
419
  })();
413
420
  const memory = getMemoryById(insertedId);
@@ -454,14 +461,14 @@ export function addMemory(input, config = DEFAULT_CONFIG, source) {
454
461
  // Don't fail memory creation if linking fails
455
462
  console.error('[shieldcortex] Auto-link failed:', e);
456
463
  }
457
- // DEFENCE: Store fragmentation data for cross-memory payload detection
458
- if (source) {
459
- try {
460
- storeFragmentationData(memory.id, truncationResult.content);
461
- }
462
- catch (e) {
463
- console.warn('[shieldcortex] Fragmentation data storage failed:', e instanceof Error ? e.message : e);
464
- }
464
+ // DEFENCE: Store fragmentation data for cross-memory payload detection.
465
+ // Un-gated from `if (source)` so source-less writes also feed the temporal
466
+ // assembly corpus (a blind spot the write-bypass left).
467
+ try {
468
+ storeFragmentationData(memory.id, truncationResult.content);
469
+ }
470
+ catch (e) {
471
+ console.warn('[shieldcortex] Fragmentation data storage failed:', e instanceof Error ? e.message : e);
465
472
  }
466
473
  // SEMANTIC SEARCH: Generate embedding asynchronously (don't block INSERT)
467
474
  const memoryId = memory.id;
@@ -582,6 +589,18 @@ export function updateMemory(id, updates) {
582
589
  const existing = getMemoryById(id);
583
590
  if (!existing)
584
591
  return null;
592
+ // DEFENCE: re-scan when content/title changes — the UPDATE path is otherwise
593
+ // an unscanned write (reachable via remember-dedup + the dashboard PATCH).
594
+ // Mirror mergeMemories: fail closed on a non-ALLOW verdict so a poison content
595
+ // replace can't overwrite a clean row unchecked.
596
+ if (updates.content !== undefined || updates.title !== undefined) {
597
+ const scanContent = updates.content !== undefined ? updates.content : existing.content;
598
+ const scanTitle = updates.title !== undefined ? updates.title : existing.title;
599
+ const defenceResult = runDefencePipeline(scanContent, scanTitle, UNATTRIBUTED_SOURCE, undefined, existing.project ?? undefined);
600
+ if (defenceResult.firewall.result !== 'ALLOW') {
601
+ throw new MemoryBlockedError(defenceResult.firewall.reason);
602
+ }
603
+ }
585
604
  const fields = [];
586
605
  const values = [];
587
606
  if (updates.title !== undefined) {
package/dist/server.d.ts CHANGED
@@ -5,6 +5,12 @@
5
5
  * Solves context compaction and memory persistence issues.
6
6
  */
7
7
  import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
8
+ /**
9
+ * Wrap an MCP tool handler to scan its response for threats.
10
+ * Advisory mode: appends a warning but never blocks.
11
+ * Enforce mode: can redact credential leaks.
12
+ */
13
+ export declare function withResponseScan(toolName: string, handler: (...args: any[]) => any): (...args: any[]) => any;
8
14
  /**
9
15
  * Check text for kill phrase and trigger kill switch if detected.
10
16
  * Returns true if kill switch was activated.
package/dist/server.js CHANGED
@@ -24,6 +24,7 @@ import { queryAuditLogs, getAuditStats, getLifetimeStats } from './defence/audit
24
24
  import { scanExistingMemories } from './defence/scanner/index.js';
25
25
  import { resolveToolSource as resolveToolSourceImpl } from './defence/trust/resolve-tool-source.js';
26
26
  import { scanToolResponse, shouldScanToolResponse } from './defence/tool-response-scanner.js';
27
+ import { UNTRUSTED_TOOL_TAG } from './defence/tool-response-enforce.js';
27
28
  import { getToolResponseScanConfig } from './cloud/config.js';
28
29
  import { checkKillPhrase } from './defence/iron-dome/index.js';
29
30
  import { isKillSwitchActive, getKillSwitchMeta, assertOperationAllowed, activateKillSwitch, deactivateKillSwitch, KillSwitchError, } from './api/control.js';
@@ -45,7 +46,7 @@ const sourceParam = z.object({
45
46
  * Enforce mode: can redact credential leaks.
46
47
  */
47
48
  // eslint-disable-next-line @typescript-eslint/no-explicit-any
48
- function withResponseScan(toolName, handler) {
49
+ export function withResponseScan(toolName, handler) {
49
50
  // eslint-disable-next-line @typescript-eslint/no-explicit-any
50
51
  return async (...handlerArgs) => {
51
52
  const result = await handler(...handlerArgs);
@@ -61,8 +62,35 @@ function withResponseScan(toolName, handler) {
61
62
  const scan = scanToolResponse(toolName, textContent, config.toolResponseMode);
62
63
  if (scan.clean)
63
64
  return result;
64
- // Append warning to the response
65
+ // Enforce mode: swap the threatening text for the sanitised payload the
66
+ // scanner produced (injection withheld, secrets redacted, exfil stripped).
67
+ // Non-text blocks (e.g. images) are preserved. Advisory mode keeps the
68
+ // observe-only behaviour: leave the response intact, append a warning.
69
+ if (scan.mode === 'enforce' && scan.sanitisedContent !== null) {
70
+ const nonText = result.content.filter((c) => c.type !== 'text');
71
+ if (scan.blocked) {
72
+ // Whole payload withheld → surface as a tool error so the agent can tell
73
+ // "withheld by firewall" apart from "no results / empty".
74
+ return {
75
+ ...result,
76
+ content: [...nonText, { type: 'text', text: scan.sanitisedContent }],
77
+ isError: true,
78
+ };
79
+ }
80
+ // Redacted-and-delivered → cleaned payload + the untrusted-origin tag in a
81
+ // SEPARATE block, so redacted structured output (JSON/CSV) stays parseable.
82
+ return {
83
+ ...result,
84
+ content: [
85
+ ...nonText,
86
+ { type: 'text', text: scan.sanitisedContent },
87
+ { type: 'text', text: UNTRUSTED_TOOL_TAG },
88
+ ],
89
+ };
90
+ }
91
+ // Advisory: append warning to the response.
65
92
  return {
93
+ ...result,
66
94
  content: [
67
95
  ...result.content,
68
96
  {
@@ -688,6 +716,28 @@ Runs injection detection (40+ patterns) and credential leak scanning (25+ provid
688
716
  if (scan.auditId > 0) {
689
717
  lines.push(`**Audit ID:** ${scan.auditId}`);
690
718
  }
719
+ // Enforce mode produced an actioned payload — surface it so callers using
720
+ // this tool as a programmatic firewall receive the safe content, not just
721
+ // a verdict. Advisory scans leave sanitisedContent null (verdict only).
722
+ if (scan.sanitisedContent !== null) {
723
+ lines.push('');
724
+ lines.push(`### Enforcement (${scan.blocked ? 'BLOCKED' : 'REDACTED'})`);
725
+ for (const action of scan.enforceActions) {
726
+ lines.push(`- ${action}`);
727
+ }
728
+ if (!scan.blocked) {
729
+ lines.push(`- origin: ${UNTRUSTED_TOOL_TAG}`);
730
+ }
731
+ lines.push('');
732
+ lines.push('**Sanitised content (deliver this instead):**');
733
+ // Dynamic fence longer than any backtick run in the content, so content
734
+ // containing ``` cannot break out of the code block.
735
+ const longestRun = Math.max(0, ...(scan.sanitisedContent.match(/`+/g) || []).map((s) => s.length));
736
+ const fence = '`'.repeat(Math.max(3, longestRun + 1));
737
+ lines.push(fence);
738
+ lines.push(scan.sanitisedContent);
739
+ lines.push(fence);
740
+ }
691
741
  lines.push('');
692
742
  lines.push(scan.summary);
693
743
  return { content: [{ type: 'text', text: lines.join('\n') }] };
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "shieldcortex",
3
- "version": "4.35.0",
3
+ "version": "4.37.0",
4
4
  "description": "Trustworthy memory and security for AI agents. Recall debugging, review queue, OpenClaw session capture, and memory poisoning defence for Claude Code, Codex, OpenClaw, LangChain, and MCP agents.",
5
5
  "main": "dist/index.js",
6
6
  "types": "dist/index.d.ts",