npm - shieldcortex - Versions diffs - 4.39.0 → 4.41.0 - Mend

shieldcortex 4.39.0 → 4.41.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (275) hide show

package/dashboard/.next/standalone/dashboard/.next/static/chunks/e18095d552836b96.js ADDED Viewed

@@ -0,0 +1 @@

+ (globalThis.TURBOPACK||(globalThis.TURBOPACK=[])).push(["object"==typeof document?document.currentScript:void 0,27918,e=>{"use strict";var t=e.i(27493),a=e.i(4),s=e.i(45434),r=e.i(36062),i=e.i(71259),n=e.i(24929);let c=(0,n.default)("file-search",[["path",{d:"M6 22a2 2 0 0 1-2-2V4a2 2 0 0 1 2-2h8a2.4 2.4 0 0 1 1.704.706l3.588 3.588A2.4 2.4 0 0 1 20 8v12a2 2 0 0 1-2 2z",key:"1oefj6"}],["path",{d:"M14 2v5a1 1 0 0 0 1 1h5",key:"wfsgrz"}],["circle",{cx:"11.5",cy:"14.5",r:"2.5",key:"1bq0ko"}],["path",{d:"M13.3 16.3 15 18",key:"2quom7"}]]),l=(0,n.default)("folder-search",[["path",{d:"M10.7 20H4a2 2 0 0 1-2-2V5a2 2 0 0 1 2-2h3.9a2 2 0 0 1 1.69.9l.81 1.2a2 2 0 0 0 1.67.9H20a2 2 0 0 1 2 2v4.1",key:"1bw5m7"}],["path",{d:"m21 21-1.9-1.9",key:"1g2n9r"}],["circle",{cx:"17",cy:"17",r:"3",key:"18b49y"}]]);var d=e.i(66949);let o=(0,n.default)("radar",[["path",{d:"M19.07 4.93A10 10 0 0 0 6.99 3.34",key:"z3du51"}],["path",{d:"M4 6h.01",key:"oypzma"}],["path",{d:"M2.29 9.62A10 10 0 1 0 21.31 8.35",key:"qzzz0"}],["path",{d:"M16.24 7.76A6 6 0 1 0 8.23 16.67",key:"1yjesh"}],["path",{d:"M12 18h.01",key:"mhygvu"}],["path",{d:"M17.99 11.66A6 6 0 0 1 15.77 16.67",key:"1u2y91"}],["circle",{cx:"12",cy:"12",r:"2",key:"1c9p78"}],["path",{d:"m13.41 10.59 5.66-5.66",key:"mhq4k0"}]]);var x=e.i(76344),m=e.i(48615),v=e.i(88969),u=e.i(35372),h=e.i(16467),p=e.i(95659),g=e.i(81523),y=e.i(40950),f=e.i(46194);function j({score:e,size:a=160,label:s}){let r=2*Math.PI*42,i=e/100*r,n=e<=50?"var(--sc-coral)":e<=75?"var(--sc-amber)":"var(--sc-cyan)",c=e<=50?"var(--sc-glow-coral)":e<=75?"rgba(245, 158, 11, 0.15)":"var(--sc-glow-cyan)";return(0,t.jsxs)("div",{className:"flex flex-col items-center gap-2",children:[(0,t.jsxs)("div",{className:"relative",style:{width:a,height:a},children:[(0,t.jsxs)("svg",{viewBox:"0 0 100 100",className:"h-full w-full -rotate-90",style:{filter:`drop-shadow(0 0 12px ${c})`},children:[(0,t.jsx)("circle",{cx:"50",cy:"50",r:42,fill:"none",stroke:"var(--sc-bg-elevated)",strokeWidth:"7"}),(0,t.jsx)("circle",{cx:"50",cy:"50",r:42,fill:"none",stroke:n,strokeWidth:"7",strokeDasharray:`${i} ${r}`,strokeLinecap:"round",className:"transition-all duration-1000 ease-out"})]}),(0,t.jsxs)("div",{className:"absolute inset-0 flex flex-col items-center justify-center",children:[(0,t.jsx)("span",{className:"text-3xl font-bold",style:{color:n},children:e}),(0,t.jsx)("span",{className:"text-[11px] text-[var(--sc-text-muted)]",children:"trust"})]})]}),s&&(0,t.jsx)("span",{className:"text-xs font-medium text-[var(--sc-text-secondary)]",children:s})]})}var b=e.i(16511);let N=(0,n.default)("eye-off",[["path",{d:"M10.733 5.076a10.744 10.744 0 0 1 11.205 6.575 1 1 0 0 1 0 .696 10.747 10.747 0 0 1-1.444 2.49",key:"ct8e1f"}],["path",{d:"M14.084 14.158a3 3 0 0 1-4.242-4.242",key:"151rxh"}],["path",{d:"M17.479 17.499a10.75 10.75 0 0 1-15.417-5.151 1 1 0 0 1 0-.696 10.75 10.75 0 0 1 4.446-5.143",key:"13bj9a"}],["path",{d:"m2 2 20 20",key:"1ooewy"}]]);var k=e.i(27528),w=e.i(77744),S=e.i(22534),C=e.i(45688),B=e.i(71921),E=e.i(1235);let F=S.default.env.NEXT_PUBLIC_API_URL||"http://localhost:3001";function $(e){return(0,C.useQuery)({queryKey:["xray-findings",e],queryFn:async()=>{let t=new URLSearchParams;e?.status&&t.set("status",e.status),e?.severity&&t.set("severity",e.severity),e?.target&&t.set("target",e.target),e?.limit&&t.set("limit",String(e.limit));let a=t.toString()?`?${t}`:"",s=await (0,v.gatedFetch)(`${F}/api/xray/findings${a}`);if(!s.ok)throw Error(await (0,v.readApiError)(s,"Failed to fetch findings"));return s.json()},refetchInterval:15e3})}function z(){let e=(0,E.useQueryClient)();return(0,B.useMutation)({mutationFn:async({id:e,status:t,note:a})=>{let s=await (0,v.gatedFetch)(`${F}/api/xray/findings/${e}`,{method:"PATCH",headers:{"Content-Type":"application/json"},body:JSON.stringify({status:t,note:a})});if(!s.ok)throw Error(await (0,v.readApiError)(s,"Failed to update finding"));return s.json()},onSuccess:()=>{e.invalidateQueries({queryKey:["xray-findings"]}),e.invalidateQueries({queryKey:["xray-findings-stats"]})}})}function A(){let e=(0,E.useQueryClient)();return(0,B.useMutation)({mutationFn:async({id:e,note:t})=>{let a=await (0,v.gatedFetch)(`${F}/api/xray/findings/${e}/quarantine`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({note:t})});if(!a.ok)throw Error(await (0,v.readApiError)(a,"Failed to quarantine file"));return a.json()},onSuccess:()=>{e.invalidateQueries({queryKey:["xray-findings"]}),e.invalidateQueries({queryKey:["xray-findings-stats"]})}})}function R({findingId:e,status:s,hasFile:r,compact:n=!1}){let c,[l,d]=(0,a.useState)(!1),[o,x]=(0,a.useState)(""),[u,h]=(0,a.useState)(!1),p=z(),y=A(),f=(c=(0,E.useQueryClient)(),(0,B.useMutation)({mutationFn:async e=>{let t=await (0,v.gatedFetch)(`${F}/api/xray/findings/${e}`,{method:"DELETE"});if(!t.ok)throw Error(await (0,v.readApiError)(t,"Failed to delete finding"));return t.json()},onSuccess:()=>{c.invalidateQueries({queryKey:["xray-findings"]}),c.invalidateQueries({queryKey:["xray-findings-stats"]})}})),j=t=>{switch(t){case"reviewed":p.mutate({id:e,status:"reviewed"},{onSuccess:()=>m.toast.success("Marked as reviewed"),onError:e=>m.toast.error(`Failed to update: ${e.message}`)});break;case"ignored":p.mutate({id:e,status:"ignored",note:o},{onSuccess:()=>{m.toast.info("Finding ignored — removed from active list"),d(!1),x(""),h(!0)},onError:e=>m.toast.error(`Failed to ignore: ${e.message}`)});break;case"resolved":p.mutate({id:e,status:"resolved",note:o},{onSuccess:()=>{m.toast.success("Finding resolved — removed from active list"),d(!1),x(""),h(!0)},onError:e=>m.toast.error(`Failed to resolve: ${e.message}`)});break;case"quarantine":y.mutate({id:e,note:o},{onSuccess:e=>{m.toast.warning(e.moved?"File quarantined and moved":"Marked quarantined (file not found)"),h(!0)},onError:e=>m.toast.error(`Quarantine failed: ${e.message}`)});break;case"delete":f.mutate(e,{onSuccess:()=>{m.toast.success("Finding deleted"),h(!0)},onError:e=>m.toast.error(`Failed to delete: ${e.message}`)})}};if(u)return(0,t.jsxs)("span",{className:"inline-flex items-center gap-1.5 text-xs text-[var(--sc-cyan)] italic animate-pulse",children:[(0,t.jsx)(b.Check,{size:12})," Done — removing from list..."]});if("resolved"===s)return(0,t.jsxs)("span",{className:"inline-flex items-center gap-1.5 text-xs text-[var(--sc-cyan)]",children:[(0,t.jsx)(b.Check,{size:12})," Resolved"]});if("quarantined"===s)return(0,t.jsxs)("span",{className:"inline-flex items-center gap-1.5 text-xs text-[var(--sc-amber)]",children:[(0,t.jsx)(k.Shield,{size:12})," Quarantined"]});if("ignored"===s)return(0,t.jsxs)("span",{className:"inline-flex items-center gap-1.5 text-xs text-[var(--sc-text-muted)]",children:[(0,t.jsx)(N,{size:12})," Ignored"]});let S=n?"sm":"md",C=p.isPending||y.isPending||f.isPending;return(0,t.jsxs)("div",{className:"space-y-2",children:[(0,t.jsxs)("div",{className:"flex flex-wrap gap-1.5",children:["new"===s&&(0,t.jsxs)(g.Button,{variant:"ghost",size:S,onClick:()=>j("reviewed"),disabled:C,children:[(0,t.jsx)(i.Eye,{size:12})," Mark reviewed"]}),(0,t.jsxs)(g.Button,{variant:"cyan",size:S,onClick:()=>d(!l),disabled:C,children:[(0,t.jsx)(b.Check,{size:12})," Resolve"]}),(0,t.jsxs)(g.Button,{variant:"ghost",size:S,onClick:()=>j("ignored"),disabled:C,children:[(0,t.jsx)(N,{size:12})," Safe to ignore"]}),r&&(0,t.jsxs)(g.Button,{variant:"coral",size:S,onClick:()=>j("quarantine"),disabled:C,children:[(0,t.jsx)(k.Shield,{size:12})," Quarantine file"]}),(0,t.jsx)(g.Button,{variant:"ghost",size:S,onClick:()=>j("delete"),disabled:C,children:(0,t.jsx)(w.Trash2,{size:12})})]}),l&&(0,t.jsxs)("div",{className:"flex gap-2",children:[(0,t.jsx)("input",{value:o,onChange:e=>x(e.target.value),placeholder:"What did you do about it? (optional)",className:"flex-1 rounded-lg border border-[var(--sc-border)] bg-[var(--sc-bg-elevated)] px-3 py-1.5 text-xs text-[var(--sc-text-primary)] placeholder:text-[var(--sc-text-muted)] focus-ring-cyan","aria-label":"Resolution note",onKeyDown:e=>{"Enter"===e.key&&j("resolved")}}),(0,t.jsx)(g.Button,{variant:"cyan",size:"sm",onClick:()=>j("resolved"),disabled:C,children:"Done"})]})]})}var P=e.i(45256),L=e.i(51069),M=e.i(44758);let q=(0,n.default)("shield-x",[["path",{d:"M20 13c0 5-3.5 7.5-7.66 8.95a1 1 0 0 1-.67-.01C7.5 20.5 4 18 4 13V6a1 1 0 0 1 1-1c2 0 4.5-1.2 6.24-2.72a1.17 1.17 0 0 1 1.52 0C14.51 3.81 17 5 19 5a1 1 0 0 1 1 1z",key:"oel41y"}],["path",{d:"m14.5 9.5-5 5",key:"17q4r4"}],["path",{d:"m9.5 9.5 5 5",key:"18nt4w"}]]);var D=e.i(13808),T=e.i(76624),W=e.i(23457),I=e.i(44250);function G(e,t,a,s){return`${e}|${t}|${a??""}|${s??""}`}function Q({finding:e,target:s}){let r=(0,W.useLocalAiExplain)(),i=z(),n=A(),[c,l]=(0,a.useState)(new Set),d=e=>l(t=>{let a=new Set(t);return a.add(e),a}),o=!e.id&&!!s&&!!r.data,x=$(o?{target:s,limit:200}:void 0),v=(()=>{if(e.id)return e.id;if(!x.data?.findings)return;let t=G(e.category,e.title,e.file,e.line),a=x.data.findings.find(e=>G(e.category,e.title,e.file,e.line)===t);return a?.id})();return(0,t.jsxs)("div",{className:"mt-3 space-y-3",children:[(0,t.jsxs)(g.Button,{variant:"outline",size:"sm",onClick:()=>{r.mutate({kind:"xray_finding",title:e.title,content:[`Title: ${e.title}`,`Description: ${e.description}`,e.file?`File: ${e.line?`${e.file}:${e.line}`:e.file}`:"",e.evidence?`Evidence: ${e.evidence}`:"",e.guidance?.whatItMeans?`Scanner meaning: ${e.guidance.whatItMeans}`:"",e.guidance?.whatToDo?`Scanner guidance: ${e.guidance.whatToDo}`:"",e.guidance?.falsePositiveNote?`False positive note: ${e.guidance.falsePositiveNote}`:""].filter(Boolean).join("\n"),source:e.file?`xray:${e.file}`:"xray",signals:[e.severity,e.category,e.status??"",e.guidance?.urgency??"",e.systemFile?"system-file":""].filter(Boolean),metadata:{id:e.id,file:e.file,line:e.line,severity:e.severity,category:e.category,status:e.status,detectedAt:e.detectedAt,systemFile:e.systemFile,guidance:e.guidance}},{onSuccess:e=>{m.toast.success(e.explanation.synthetic?"Fallback explanation generated":"Local explanation generated")},onError:e=>m.toast.error(e instanceof Error?e.message:"Local explanation failed")})},disabled:r.isPending,pulse:r.isPending,children:[(0,t.jsx)(D.Sparkles,{size:13}),r.isPending?"Explaining":"Explain"]}),r.data?.explanation&&(0,t.jsx)(T.LocalAiExplanationPanel,{explanation:r.data.explanation,actions:(()=>{let a=[];if(e.file){let s=(0,I.buildEditorUrl)(e.file,e.line);a.push({key:"open",label:"Open in editor",icon:(0,t.jsx)(P.ExternalLink,{size:13}),variant:"outline",onClick:()=>{s&&(window.location.href=s)}})}if(!v)return o&&x.isLoading&&a.push({key:"lookup",label:"Loading actions",variant:"outline",disabled:!0,pending:!0,onClick:()=>void 0}),a;let s=i.isPending||n.isPending,r=c.has("reviewed");a.push({key:"reviewed",label:r?"Reviewed":"Mark reviewed",icon:r?(0,t.jsx)(b.Check,{size:13}):(0,t.jsx)(M.ShieldCheck,{size:13}),variant:r?"cyan":"outline",pending:i.isPending&&i.variables?.status==="reviewed",disabled:s||r,onClick:()=>{i.mutate({id:v,status:"reviewed"},{onSuccess:()=>{d("reviewed"),m.toast.success("Marked as reviewed")},onError:e=>m.toast.error(e instanceof Error?e.message:"Failed to mark reviewed")})}});let l=c.has("dismiss");a.push({key:"dismiss",label:l?"Dismissed":"Dismiss",icon:l?(0,t.jsx)(b.Check,{size:13}):(0,t.jsx)(q,{size:13}),variant:l?"cyan":"ghost",pending:i.isPending&&i.variables?.status==="ignored",disabled:s||l,onClick:()=>{i.mutate({id:v,status:"ignored"},{onSuccess:()=>{d("dismiss"),m.toast.success("Finding dismissed")},onError:e=>m.toast.error(e instanceof Error?e.message:"Failed to dismiss")})}});let u=c.has("quarantine");return a.push({key:"quarantine",label:u?"Quarantined":"Quarantine file",icon:u?(0,t.jsx)(b.Check,{size:13}):(0,t.jsx)(L.ShieldAlert,{size:13}),variant:u?"cyan":"coral",pending:n.isPending,disabled:s||u,onClick:()=>{n.mutate({id:v},{onSuccess:()=>{d("quarantine"),m.toast.success("File quarantined")},onError:e=>m.toast.error(e instanceof Error?e.message:"Failed to quarantine")})}}),a})()}),r.error&&(0,t.jsx)(H,{message:r.error instanceof Error?r.error.message:"Local explanation failed"})]})}function H({message:e}){let a=e.toLowerCase();return a.includes("disabled")||a.includes("not cached")||a.includes("not enabled")?(0,t.jsxs)("div",{className:"space-y-2 rounded-lg border border-[var(--sc-border)] bg-[var(--sc-surface)]/40 p-3 text-sm text-[var(--sc-text-secondary)]",children:[(0,t.jsx)("p",{className:"font-medium text-[var(--sc-text-primary)]",children:e}),(0,t.jsx)("p",{children:"The Local AI Explainer is opt-in. Enable it from a terminal:"}),(0,t.jsx)("pre",{className:"overflow-x-auto rounded bg-black/30 p-2 text-xs text-[var(--sc-text-primary)]",children:"shieldcortex review-copilot enable --accept-download"}),(0,t.jsx)("p",{className:"text-xs text-[var(--sc-text-muted)]",children:"Runs a small local model (Qwen2.5-0.5B) on this machine — nothing leaves your device. Requires a Pro licence."})]}):(0,t.jsx)("div",{className:"rounded-lg border border-[var(--sc-coral)]/30 bg-[var(--sc-coral)]/10 p-3 text-sm text-[var(--sc-coral)]",children:e})}var X=e.i(31309);function K(e){return e?new Date(e).toLocaleString():"—"}function O(){let[e,n]=(0,a.useState)("scanner"),[b,N]=(0,a.useState)(""),[k,w]=(0,a.useState)(!1),[S,B]=(0,a.useState)(null),[E,z]=(0,a.useState)("ALL"),[A,P]=(0,a.useState)("all"),[L,M]=(0,a.useState)("all"),[q,D]=(0,a.useState)(""),[T,W]=(0,a.useState)("all"),[I,G]=(0,a.useState)("all"),[H,O]=(0,a.useState)(""),[V,U]=(0,a.useState)(!1),[_,J]=(0,a.useState)("new"),{data:Y}=(0,X.useXRayHistory)({risk:E,targetType:A,deep:L,search:q}),{data:Z}=(0,X.useXRayActivity)(8,{kind:T}),{data:ee}=(0,X.useXRayWatchSessions)(8,{state:I}),{data:et}=(0,X.useXRayStatus)(),{data:ea}=(0,C.useQuery)({queryKey:["xray-findings-stats"],queryFn:async()=>{let e=await (0,v.gatedFetch)(`${F}/api/xray/findings/stats`);if(!e.ok)throw Error(await (0,v.readApiError)(e,"Failed to fetch finding stats"));return e.json()},refetchInterval:15e3}),{data:es}=$({status:"all"===_?void 0:_}),er=(0,a.useMemo)(()=>Y?.entries??[],[Y?.entries]),ei=Z?.entries??[],en=ee?.entries??[],ec=(0,X.useXRayScan)(),el=(0,X.usePickXRayTarget)(),ed=S??(er.length>0?er[0].id:null),eo=(0,X.useXRayHistoryEntry)(ed),{data:ex}=(0,X.useActiveWatchers)(),em=(0,X.useStartWatch)(),ev=(0,X.useStopWatch)(),eu=ex?.watchers??[],eh=ec.data?.result,ep=ec.data?.persistedFindings??[],eg=ec.error,ey=eg instanceof v.FeatureLockedError;(0,u.useWebSocketEvent)(e=>{if("xray_detection"===e.type){let t=e.data;m.toast.warning(t.summary||"X-Ray detection",{description:`Risk: ${t.riskLevel||"unknown"}`,duration:8e3})}});let ef=eo.data?.entry??er.find(e=>e.id===ed)??null,ej=eh??ef?.result??null,eb=(0,a.useMemo)(()=>({total:er.length,avgScore:er.length?Math.round(er.reduce((e,t)=>e+t.trustScore,0)/er.length):null}),[er]),eN=et?.capabilities,ek=et?.summary,ew=[{id:"scanner",label:"Scanner",icon:(0,t.jsx)(x.ScanSearch,{size:14})},{id:"history",label:"History",count:eb.total},{id:"watch",label:"Watch",count:ek?.activeWatchRoots??0},{id:"activity",label:"Activity"},{id:"findings",label:"Findings",count:ea?.new??0}];return(0,t.jsx)("div",{className:"h-full overflow-y-auto",children:(0,t.jsxs)("div",{className:"mx-auto max-w-7xl space-y-6 p-6",children:[(0,t.jsx)(y.PageHeader,{eyebrow:"Supply Chain Security",title:"X-Ray Scanner",subtitle:"Scan packages, files, and directories for hidden risk signals.",tabs:ew,activeTab:e,onTabChange:e=>n(e),actions:(0,t.jsx)("div",{className:"flex items-center gap-3",children:(0,t.jsxs)(p.Badge,{variant:eN?.deepScan?"cyan":"muted",dot:!0,children:["Deep scan ",eN?.deepScan?"enabled":"gated"]})})}),(0,t.jsxs)("div",{className:"grid grid-cols-2 gap-4 lg:grid-cols-4",children:[(0,t.jsx)(f.StatCard,{label:"Total Scans",value:ek?.scans??0,icon:x.ScanSearch,accent:"cyan"}),(0,t.jsx)(f.StatCard,{label:"High Risk",value:ek?.highRiskScans??0,icon:s.Activity,accent:"coral"}),(0,t.jsx)(f.StatCard,{label:"Watch Roots",value:ek?.activeWatchRoots??0,icon:i.Eye,accent:"cyan"}),(0,t.jsx)(f.StatCard,{label:"Avg Trust",value:eb.avgScore??"—",icon:c,accent:eb.avgScore&&eb.avgScore>=70?"cyan":"amber"})]}),"scanner"===e&&(0,t.jsxs)("div",{className:"grid gap-6 xl:grid-cols-[1.2fr_0.8fr]",children:[(0,t.jsxs)("div",{className:"space-y-6",children:[(0,t.jsxs)(h.GlassCard,{strong:!0,className:"p-6",children:[(0,t.jsxs)("form",{onSubmit:e=>{e.preventDefault(),b.trim()&&ec.mutate({target:b.trim(),deep:k})},children:[(0,t.jsx)("label",{className:"text-sm font-semibold text-[var(--sc-text-primary)]",children:"What do you want to scan?"}),(0,t.jsx)("input",{value:b,onChange:e=>N(e.target.value),placeholder:"Package name, file path, or directory...",className:"mt-3 w-full rounded-xl border border-[var(--sc-border)] bg-[var(--sc-bg-elevated)] px-4 py-3 text-sm text-[var(--sc-text-primary)] placeholder:text-[var(--sc-text-muted)] focus-ring-cyan"}),(0,t.jsxs)("div",{className:"mt-4 flex flex-wrap items-center gap-3",children:[(0,t.jsxs)("button",{type:"button",onClick:()=>el.mutate("file",{onSuccess:e=>{e.path&&N(e.path)}}),className:"inline-flex items-center gap-2 rounded-xl border border-[var(--sc-border)] bg-[var(--sc-surface-interactive)] px-4 py-2.5 text-sm font-medium text-[var(--sc-text-secondary)] transition-all hover:bg-[var(--sc-surface-interactive-hover)] hover:text-[var(--sc-text-primary)]",children:[(0,t.jsx)(c,{size:14})," Browse file"]}),(0,t.jsxs)("button",{type:"button",onClick:()=>el.mutate("folder",{onSuccess:e=>{e.path&&N(e.path)}}),className:"inline-flex items-center gap-2 rounded-xl border border-[var(--sc-border)] bg-[var(--sc-surface-interactive)] px-4 py-2.5 text-sm font-medium text-[var(--sc-text-secondary)] transition-all hover:bg-[var(--sc-surface-interactive-hover)] hover:text-[var(--sc-text-primary)]",children:[(0,t.jsx)(l,{size:14})," Browse folder"]}),(0,t.jsxs)("label",{className:"inline-flex items-center gap-2 rounded-xl border border-[var(--sc-border)] bg-[var(--sc-surface-interactive)] px-3 py-2.5 text-sm text-[var(--sc-text-secondary)]",children:[(0,t.jsx)("input",{type:"checkbox",checked:k,onChange:e=>w(e.target.checked),className:"h-4 w-4 rounded border-[var(--sc-border)] accent-[var(--sc-cyan)]"}),"Deep scan",!eN?.deepScan&&(0,t.jsx)(d.Lock,{size:12,className:"text-[var(--sc-coral)]"})]}),(0,t.jsxs)(g.Button,{type:"submit",variant:"coral",glow:!0,disabled:ec.isPending||!b.trim(),children:[ec.isPending?"Scanning…":"Run Scan",(0,t.jsx)(r.ArrowRight,{size:14})]})]}),(0,t.jsx)("p",{className:"mt-3 text-xs text-[var(--sc-text-muted)]",children:"Native macOS picker via local API, or paste a path / package name directly."})]}),el.isError&&(0,t.jsx)("div",{className:"mt-3 rounded-xl border border-[var(--sc-coral)]/20 bg-[var(--sc-coral)]/5 px-4 py-3 text-sm text-[var(--sc-coral)]",children:el.error instanceof Error?el.error.message:"Failed to open native picker"}),eg&&(0,t.jsx)("div",{className:`mt-4 rounded-xl px-4 py-3 text-sm ${ey?"border border-[var(--sc-amber)]/20 bg-[var(--sc-amber)]/5 text-[var(--sc-amber)]":"border border-[var(--sc-coral)]/20 bg-[var(--sc-coral)]/5 text-[var(--sc-coral)]"}`,children:eg.message})]}),(0,t.jsxs)(h.GlassCard,{className:`p-6 ${ec.isPending?"scan-sweep":""}`,children:[(0,t.jsxs)("div",{className:"flex items-center justify-between gap-3",children:[(0,t.jsx)("h3",{className:"text-lg font-semibold text-[var(--sc-text-primary)]",children:"Scan Result"}),(0,t.jsxs)("div",{className:"flex gap-2",children:[(0,t.jsxs)(p.Badge,{variant:"muted",children:[eb.total," scans"]}),(0,t.jsxs)(p.Badge,{variant:"muted",children:["Avg ",eb.avgScore??"—"]})]})]}),ej?(0,t.jsxs)("div",{className:"mt-5 space-y-4",children:[(0,t.jsxs)("div",{className:"flex items-start gap-6",children:[(0,t.jsx)(j,{score:ej.trustScore,size:120}),(0,t.jsxs)("div",{className:"flex-1 min-w-0",children:[(0,t.jsxs)("div",{className:"flex flex-wrap items-center gap-3",children:[(0,t.jsx)("h4",{className:"min-w-0 break-words text-lg font-semibold text-[var(--sc-text-primary)]",children:ej.target}),(0,t.jsx)(p.Badge,{variant:(0,p.riskVariant)(ej.riskLevel),children:ej.riskLevel})]}),(0,t.jsxs)("div",{className:"mt-2 flex flex-wrap gap-2",children:[(0,t.jsxs)(p.Badge,{variant:"muted",children:[ej.filesScanned," files"]}),(0,t.jsx)(p.Badge,{variant:"muted",children:ej.deepScan?"Deep":"Standard"}),(0,t.jsx)(p.Badge,{variant:"muted",children:K(ej.scannedAt)})]})]})]}),(0,t.jsx)("div",{className:"space-y-3",children:0===ej.findings.length?(0,t.jsx)("div",{className:"rounded-xl border border-[var(--sc-cyan)]/20 bg-[var(--sc-cyan)]/5 px-4 py-4 text-sm text-[var(--sc-cyan)]",children:"No findings detected. This target looks clean."}):ej.findings.map((e,a)=>(0,t.jsxs)(h.GlassCard,{severity:e.severity,className:"p-4",children:[(0,t.jsxs)("div",{className:"flex flex-wrap items-center gap-2",children:[(0,t.jsx)(p.Badge,{variant:(0,p.riskVariant)(e.severity),children:e.severity}),(0,t.jsx)(p.Badge,{variant:"muted",children:e.category})]}),(0,t.jsx)("p",{className:"mt-2 text-sm font-semibold text-[var(--sc-text-primary)]",children:e.title}),(0,t.jsx)("p",{className:"mt-1 text-sm text-[var(--sc-text-secondary)]",children:e.description}),(e.file||e.evidence)&&(0,t.jsxs)("div",{className:"mt-2 space-y-0.5 font-mono text-xs text-[var(--sc-text-muted)]",children:[e.file&&(0,t.jsxs)("div",{children:["File: ",e.line?`${e.file}:${e.line}`:e.file]}),e.evidence&&(0,t.jsxs)("div",{children:["Evidence: ",e.evidence]})]}),(0,t.jsx)(Q,{finding:{...e,id:ep[a]?.id,status:ep[a]?.status},target:ej.target}),ep[a]&&(0,t.jsx)("div",{className:"mt-3 border-t border-[var(--sc-border)] pt-3",children:(0,t.jsx)(R,{findingId:ep[a].id,status:ep[a].status,hasFile:!!e.file,compact:!0})})]},`${e.title}-${a}`))})]}):(0,t.jsx)("div",{className:"mt-5 rounded-xl bg-[var(--sc-bg-elevated)] px-5 py-8 text-center text-sm text-[var(--sc-text-muted)]",children:"Run a scan or select one from history to see results here."})]})]}),(0,t.jsxs)("div",{className:"space-y-4",children:[(0,t.jsxs)(h.GlassCard,{strong:!0,className:"p-5",children:[(0,t.jsx)("h4",{className:"text-xs font-semibold uppercase tracking-[0.18em] text-[var(--sc-text-muted)]",children:"Capabilities"}),(0,t.jsx)("div",{className:"mt-4 space-y-3",children:[{label:"Local scan",enabled:eN?.localScan??!0},{label:"Watch mode",enabled:eN?.watchMode??!0},{label:"Preinstall hook",enabled:eN?.preinstallHook??!1},{label:"npm inspection",enabled:eN?.npmInspection??!1},{label:"Deep scan",enabled:eN?.deepScan??!1}].map(e=>(0,t.jsxs)("div",{className:"flex items-center justify-between rounded-lg bg-[var(--sc-bg-elevated)] px-3 py-2",children:[(0,t.jsx)("span",{className:"text-sm text-[var(--sc-text-secondary)]",children:e.label}),(0,t.jsx)(p.Badge,{variant:e.enabled?"cyan":"muted",dot:!0,children:e.enabled?"On":"Off"})]},e.label))})]}),(0,t.jsxs)(h.GlassCard,{strong:!0,className:"p-5",children:[(0,t.jsx)("h4",{className:"text-xs font-semibold uppercase tracking-[0.18em] text-[var(--sc-text-muted)]",children:"Quick stats"}),(0,t.jsxs)("div",{className:"mt-4 space-y-3",children:[(0,t.jsxs)("div",{className:"flex items-center justify-between rounded-lg bg-[var(--sc-bg-elevated)] px-3 py-2",children:[(0,t.jsx)("span",{className:"text-sm text-[var(--sc-text-secondary)]",children:"Watch roots"}),(0,t.jsxs)("span",{className:"text-sm font-semibold text-[var(--sc-text-primary)]",children:[ek?.activeWatchRoots??0," active"]})]}),(0,t.jsxs)("div",{className:"flex items-center justify-between rounded-lg bg-[var(--sc-bg-elevated)] px-3 py-2",children:[(0,t.jsx)("span",{className:"text-sm text-[var(--sc-text-secondary)]",children:"Stale roots"}),(0,t.jsx)("span",{className:"text-sm font-semibold text-[var(--sc-amber)]",children:ek?.staleWatchRoots??0})]}),(0,t.jsxs)("div",{className:"flex items-center justify-between rounded-lg bg-[var(--sc-bg-elevated)] px-3 py-2",children:[(0,t.jsx)("span",{className:"text-sm text-[var(--sc-text-secondary)]",children:"Blocked events"}),(0,t.jsx)("span",{className:"text-sm font-semibold text-[var(--sc-coral)]",children:ek?.blockedEvents??0})]})]})]})]})]}),"history"===e&&(0,t.jsxs)("div",{className:"space-y-4",children:[(0,t.jsxs)(h.GlassCard,{className:"p-4",children:[(0,t.jsxs)("div",{className:"grid gap-3 lg:grid-cols-[1fr_auto_auto]",children:[(0,t.jsx)("input",{value:q,onChange:e=>D(e.target.value),placeholder:"Filter by file, folder, or package...",className:"rounded-xl border border-[var(--sc-border)] bg-[var(--sc-bg-elevated)] px-4 py-2.5 text-sm text-[var(--sc-text-primary)] placeholder:text-[var(--sc-text-muted)] focus-ring-cyan"}),(0,t.jsxs)("select",{value:E,onChange:e=>z(e.target.value),className:"rounded-xl border border-[var(--sc-border)] bg-[var(--sc-bg-elevated)] px-4 py-2.5 text-sm text-[var(--sc-text-primary)]",children:[(0,t.jsx)("option",{value:"ALL",children:"All risk"}),(0,t.jsx)("option",{value:"CRITICAL",children:"Critical"}),(0,t.jsx)("option",{value:"HIGH",children:"High"}),(0,t.jsx)("option",{value:"MEDIUM",children:"Medium"}),(0,t.jsx)("option",{value:"LOW",children:"Low"}),(0,t.jsx)("option",{value:"SAFE",children:"Safe"})]}),(0,t.jsxs)("select",{value:A,onChange:e=>P(e.target.value),className:"rounded-xl border border-[var(--sc-border)] bg-[var(--sc-bg-elevated)] px-4 py-2.5 text-sm text-[var(--sc-text-primary)]",children:[(0,t.jsx)("option",{value:"all",children:"All targets"}),(0,t.jsx)("option",{value:"file",children:"Files"}),(0,t.jsx)("option",{value:"dir",children:"Directories"}),(0,t.jsx)("option",{value:"npm",children:"Packages"})]})]}),(0,t.jsx)("div",{className:"mt-3 flex gap-2",children:["all","true","false"].map(e=>(0,t.jsx)("button",{onClick:()=>M(e),className:`rounded-lg px-3 py-1.5 text-xs font-medium transition-all ${L===e?"bg-[var(--sc-coral)] text-white":"bg-[var(--sc-surface-interactive)] text-[var(--sc-text-muted)] hover:text-[var(--sc-text-secondary)]"}`,children:"all"===e?"All scans":"true"===e?"Deep only":"Standard only"},e))})]}),(0,t.jsxs)("div",{className:"grid gap-6 xl:grid-cols-[0.45fr_0.55fr]",children:[(0,t.jsx)("div",{className:"space-y-3",children:0===er.length?(0,t.jsx)(h.GlassCard,{className:"p-5 text-center text-sm text-[var(--sc-text-muted)]",children:"No matching scan history yet."}):er.map(e=>(0,t.jsxs)(h.GlassCard,{hover:!0,selected:ed===e.id,onClick:()=>{B(e.id),N(e.target),w(e.deepScan)},className:"p-4",children:[(0,t.jsx)("div",{className:"truncate text-sm font-semibold text-[var(--sc-text-primary)]",children:e.target}),(0,t.jsx)("div",{className:"mt-1 text-xs text-[var(--sc-text-muted)]",children:K(e.scannedAt)}),(0,t.jsxs)("div",{className:"mt-2 flex flex-wrap gap-2",children:[(0,t.jsx)(p.Badge,{variant:(0,p.riskVariant)(e.riskLevel),children:e.riskLevel}),(0,t.jsxs)(p.Badge,{variant:"muted",children:["Score ",e.trustScore]}),(0,t.jsxs)(p.Badge,{variant:"muted",children:[e.findingCount," findings"]})]})]},e.id))}),ej?(0,t.jsxs)(h.GlassCard,{strong:!0,className:"p-6",children:[(0,t.jsxs)("div",{className:"flex items-start gap-5",children:[(0,t.jsx)(j,{score:ej.trustScore,size:100}),(0,t.jsxs)("div",{className:"flex-1 min-w-0",children:[(0,t.jsx)("h4",{className:"break-words text-lg font-semibold text-[var(--sc-text-primary)]",children:ej.target}),(0,t.jsxs)("div",{className:"mt-2 flex flex-wrap gap-2",children:[(0,t.jsx)(p.Badge,{variant:(0,p.riskVariant)(ej.riskLevel),children:ej.riskLevel}),(0,t.jsxs)(p.Badge,{variant:"muted",children:[ej.filesScanned," files"]}),(0,t.jsx)(p.Badge,{variant:"muted",children:ej.deepScan?"Deep":"Standard"})]})]})]}),(0,t.jsx)("div",{className:"mt-5 space-y-3",children:0===ej.findings.length?(0,t.jsx)("div",{className:"rounded-xl border border-[var(--sc-cyan)]/20 bg-[var(--sc-cyan)]/5 px-4 py-3 text-sm text-[var(--sc-cyan)]",children:"Clean — no findings."}):ej.findings.map((e,a)=>(0,t.jsxs)(h.GlassCard,{severity:e.severity,className:"p-3",children:[(0,t.jsxs)("div",{className:"flex items-center gap-2",children:[(0,t.jsx)(p.Badge,{variant:(0,p.riskVariant)(e.severity),children:e.severity}),(0,t.jsx)("span",{className:"text-sm font-medium text-[var(--sc-text-primary)]",children:e.title})]}),(0,t.jsx)("p",{className:"mt-1 text-xs text-[var(--sc-text-secondary)]",children:e.description}),(0,t.jsx)(Q,{finding:e,target:ej.target})]},`${e.title}-${a}`))})]}):(0,t.jsx)(h.GlassCard,{className:"flex items-center justify-center p-8 text-sm text-[var(--sc-text-muted)]",children:"Select a scan from the list to view details."})]})]}),"watch"===e&&(0,t.jsxs)("div",{className:"space-y-6",children:[(0,t.jsxs)(h.GlassCard,{strong:!0,className:"p-6",children:[(0,t.jsx)("h3",{className:"text-lg font-semibold text-[var(--sc-text-primary)]",children:"Start Watching"}),(0,t.jsx)("p",{className:"mt-1 text-sm text-[var(--sc-text-muted)]",children:"Monitor a directory for file changes and automatically scan for threats in real-time."}),(0,t.jsxs)("form",{className:"mt-4 flex flex-wrap items-end gap-3",onSubmit:e=>{e.preventDefault(),H.trim()&&em.mutate({target:H.trim(),deep:V})},children:[(0,t.jsx)("div",{className:"flex-1",children:(0,t.jsx)("input",{value:H,onChange:e=>O(e.target.value),placeholder:"Directory path, e.g. /Users/michael/Development/project",className:"w-full rounded-xl border border-[var(--sc-border)] bg-[var(--sc-bg-elevated)] px-4 py-3 text-sm text-[var(--sc-text-primary)] placeholder:text-[var(--sc-text-muted)] focus-ring-cyan"})}),(0,t.jsxs)("button",{type:"button",onClick:()=>el.mutate("folder",{onSuccess:e=>{e.path&&O(e.path)}}),className:"inline-flex items-center gap-2 rounded-xl border border-[var(--sc-border)] bg-[var(--sc-surface-interactive)] px-4 py-3 text-sm font-medium text-[var(--sc-text-secondary)] transition-all hover:bg-[var(--sc-surface-interactive-hover)] hover:text-[var(--sc-text-primary)]",children:[(0,t.jsx)(l,{size:14})," Browse"]}),(0,t.jsxs)("label",{className:"inline-flex items-center gap-2 rounded-xl border border-[var(--sc-border)] bg-[var(--sc-surface-interactive)] px-3 py-3 text-sm text-[var(--sc-text-secondary)]",children:[(0,t.jsx)("input",{type:"checkbox",checked:V,onChange:e=>U(e.target.checked),className:"h-4 w-4 rounded accent-[var(--sc-cyan)]"}),"Deep"]}),(0,t.jsxs)(g.Button,{type:"submit",variant:"cyan",disabled:em.isPending||!H.trim(),children:[em.isPending?"Starting…":"Start Watch",(0,t.jsx)(i.Eye,{size:14})]})]}),em.isSuccess&&(0,t.jsxs)("p",{className:"mt-3 text-sm text-[var(--sc-cyan)]",children:["Watching ",em.data.root]}),em.isError&&(0,t.jsx)("p",{className:"mt-3 text-sm text-[var(--sc-coral)]",children:em.error instanceof Error?em.error.message:"Failed to start watch"})]}),eu.length>0&&(0,t.jsxs)("div",{children:[(0,t.jsx)("h4",{className:"mb-3 text-sm font-semibold uppercase tracking-wider text-[var(--sc-text-muted)]",children:"Active Watchers (This Session)"}),(0,t.jsx)("div",{className:"grid gap-3 lg:grid-cols-2",children:eu.map(e=>(0,t.jsxs)(h.GlassCard,{className:"flex items-center justify-between p-4",children:[(0,t.jsxs)("div",{className:"min-w-0",children:[(0,t.jsx)("p",{className:"truncate text-sm font-semibold text-[var(--sc-text-primary)]",children:e.root}),(0,t.jsxs)("p",{className:"text-xs text-[var(--sc-text-muted)]",children:["PID ",e.pid]})]}),(0,t.jsxs)("div",{className:"flex items-center gap-2",children:[(0,t.jsx)(p.Badge,{variant:"cyan",dot:!0,pulse:!0,children:"Watching"}),(0,t.jsx)(g.Button,{variant:"outline",size:"sm",onClick:()=>ev.mutate(e.root),disabled:ev.isPending,children:"Stop"})]})]},e.root))})]}),(0,t.jsxs)("div",{className:"flex items-center justify-between gap-3",children:[(0,t.jsx)("h4",{className:"text-sm font-semibold uppercase tracking-wider text-[var(--sc-text-muted)]",children:"Session History"}),(0,t.jsx)("div",{className:"flex gap-2",children:["all","active","stale","ended"].map(e=>(0,t.jsx)("button",{onClick:()=>G(e),className:`rounded-lg px-3 py-1.5 text-xs font-medium capitalize transition-all ${I===e?"bg-[var(--sc-coral)] text-white":"bg-[var(--sc-surface-interactive)] text-[var(--sc-text-muted)] hover:text-[var(--sc-text-secondary)]"}`,children:e},e))})]}),0===en.length?(0,t.jsxs)(h.GlassCard,{className:"p-8 text-center text-sm text-[var(--sc-text-muted)]",children:["No watch sessions recorded yet. Start a watcher above or use ",(0,t.jsx)("code",{className:"font-mono text-[var(--sc-cyan)]",children:"shieldcortex xray --watch ./src"})," from the CLI."]}):(0,t.jsx)("div",{className:"grid gap-4 lg:grid-cols-2",children:en.map(e=>(0,t.jsxs)(h.GlassCard,{className:"p-5",children:[(0,t.jsxs)("div",{className:"flex items-start justify-between gap-3",children:[(0,t.jsxs)("div",{className:"min-w-0",children:[(0,t.jsx)("p",{className:"truncate text-sm font-semibold text-[var(--sc-text-primary)]",children:e.root}),(0,t.jsxs)("p",{className:"mt-1 text-xs text-[var(--sc-text-muted)]",children:["Started ",K(e.startedAt)]})]}),(0,t.jsx)(p.Badge,{variant:"active"===e.state?"cyan":"stale"===e.state?"amber":"muted",dot:!0,pulse:"active"===e.state,children:e.state})]}),(0,t.jsx)("p",{className:"mt-2 text-sm text-[var(--sc-text-secondary)]",children:e.lastEventSummary??"No detections yet"}),(0,t.jsxs)("div",{className:"mt-3 flex flex-wrap gap-2",children:[(0,t.jsxs)(p.Badge,{variant:"muted",children:[e.changesDetected," changes"]}),(0,t.jsxs)(p.Badge,{variant:"muted",children:[e.findingsDetected," findings"]}),(0,t.jsx)(p.Badge,{variant:(0,p.riskVariant)(e.highestRiskLevel),children:e.highestRiskLevel})]})]},e.id))})]}),"activity"===e&&(0,t.jsxs)("div",{className:"space-y-4",children:[(0,t.jsx)("div",{className:"flex gap-2",children:["all","scan","watch","preinstall"].map(e=>(0,t.jsx)("button",{onClick:()=>W(e),className:`rounded-lg px-3 py-1.5 text-xs font-medium capitalize transition-all ${T===e?"bg-[var(--sc-coral)] text-white":"bg-[var(--sc-surface-interactive)] text-[var(--sc-text-muted)] hover:text-[var(--sc-text-secondary)]"}`,children:"all"===e?"All activity":e},e))}),0===ei.length?(0,t.jsx)(h.GlassCard,{className:"p-8 text-center text-sm text-[var(--sc-text-muted)]",children:"No matching automatic events yet."}):(0,t.jsx)("div",{className:"space-y-3",children:ei.map(e=>(0,t.jsx)(h.GlassCard,{className:"p-4",children:(0,t.jsxs)("div",{className:"flex items-start justify-between gap-3",children:[(0,t.jsxs)("div",{className:"min-w-0 flex-1",children:[(0,t.jsxs)("div",{className:"flex items-center gap-2",children:[(0,t.jsx)(o,{size:14,className:"shrink-0 text-[var(--sc-coral)]"}),(0,t.jsx)("span",{className:"text-sm font-semibold capitalize text-[var(--sc-text-primary)]",children:e.kind})]}),(0,t.jsx)("p",{className:"mt-1 truncate text-sm text-[var(--sc-text-secondary)]",children:e.target}),(0,t.jsx)("p",{className:"mt-1 text-xs text-[var(--sc-text-muted)]",children:e.summary})]}),(0,t.jsx)(p.Badge,{variant:"pass"===e.status?"safe":"blocked"===e.status?"critical":"warn"===e.status?"medium":"amber",children:e.status})]})},e.id))})]}),"findings"===e&&(0,t.jsxs)("div",{className:"space-y-4",children:[ea&&(0,t.jsxs)("div",{className:"flex flex-wrap gap-2",children:[(0,t.jsxs)(p.Badge,{variant:"coral",children:[ea.new," new"]}),(0,t.jsxs)(p.Badge,{variant:"muted",children:[ea.reviewed," reviewed"]}),(0,t.jsxs)(p.Badge,{variant:"cyan",children:[ea.resolved," resolved"]}),(0,t.jsxs)(p.Badge,{variant:"amber",children:[ea.quarantined," quarantined"]}),(0,t.jsxs)(p.Badge,{variant:"muted",children:[ea.ignored," ignored"]}),(0,t.jsxs)(p.Badge,{variant:"muted",children:[ea.total," total"]})]}),(0,t.jsx)("div",{className:"flex flex-wrap gap-2",children:[{key:"new",label:"Needs attention",accent:!0},{key:"reviewed",label:"Reviewed",accent:!1},{key:"resolved",label:"Resolved",accent:!1},{key:"ignored",label:"Ignored",accent:!1},{key:"quarantined",label:"Quarantined",accent:!1},{key:"all",label:"Everything",accent:!1}].map(({key:e,label:a,accent:s})=>(0,t.jsxs)("button",{onClick:()=>J(e),className:`rounded-lg px-3 py-1.5 text-xs font-medium transition-all ${_===e?s?"bg-[var(--sc-coral)] text-white":"bg-[var(--sc-cyan)] text-[var(--sc-bg-deep)]":"bg-[var(--sc-surface-interactive)] text-[var(--sc-text-muted)] hover:text-[var(--sc-text-secondary)]"}`,children:[a,"new"===e&&ea&&ea.new>0&&(0,t.jsx)("span",{className:"ml-1.5 rounded-full bg-white/20 px-1.5 py-0.5 text-[10px] font-bold",children:ea.new})]},e))}),es?.findings&&0!==es.findings.length?(0,t.jsx)("div",{className:"space-y-3",children:es.findings.map(e=>(0,t.jsxs)(h.GlassCard,{severity:e.severity,className:"p-5",children:[(0,t.jsxs)("div",{className:"flex flex-wrap items-center gap-2",children:[(0,t.jsx)(p.Badge,{variant:(0,p.riskVariant)(e.severity),children:e.severity}),(0,t.jsx)(p.Badge,{variant:"muted",children:e.category}),e.systemFile&&(0,t.jsx)(p.Badge,{variant:"muted",children:"System file — likely safe"}),e.guidance?.urgency==="usually-safe"&&!e.systemFile&&(0,t.jsx)(p.Badge,{variant:"cyan",children:"Usually safe"}),e.guidance?.urgency==="act-now"&&(0,t.jsx)(p.Badge,{variant:"critical",dot:!0,pulse:!0,children:"Act now"})]}),(0,t.jsx)("p",{className:"mt-3 text-sm font-semibold text-[var(--sc-text-primary)]",children:e.title}),e.guidance&&(0,t.jsxs)("div",{className:"mt-3 space-y-3 rounded-xl bg-[var(--sc-bg-elevated)] p-4",children:[(0,t.jsxs)("div",{children:[(0,t.jsx)("p",{className:"text-[11px] font-semibold uppercase tracking-wider text-[var(--sc-text-muted)]",children:"What this means"}),(0,t.jsx)("p",{className:"mt-1 text-sm leading-relaxed text-[var(--sc-text-secondary)]",children:e.guidance.whatItMeans})]}),(0,t.jsxs)("div",{children:[(0,t.jsx)("p",{className:"text-[11px] font-semibold uppercase tracking-wider text-[var(--sc-cyan)]",children:"What to do"}),(0,t.jsx)("p",{className:"mt-1 text-sm leading-relaxed text-[var(--sc-text-secondary)]",children:e.guidance.whatToDo})]}),(0,t.jsxs)("div",{children:[(0,t.jsx)("p",{className:"text-[11px] font-semibold uppercase tracking-wider text-[var(--sc-text-muted)]",children:"False positive?"}),(0,t.jsx)("p",{className:"mt-1 text-xs leading-relaxed text-[var(--sc-text-muted)]",children:e.guidance.falsePositiveNote})]})]}),(e.file||e.evidence)&&(0,t.jsxs)("div",{className:"mt-3 space-y-0.5 font-mono text-xs text-[var(--sc-text-muted)]",children:[e.file&&(0,t.jsxs)("div",{children:["File: ",e.line?`${e.file}:${e.line}`:e.file]}),e.evidence&&(0,t.jsxs)("div",{children:["Evidence: ",e.evidence]})]}),(0,t.jsx)(Q,{finding:e}),(0,t.jsx)("div",{className:"mt-2 text-xs text-[var(--sc-text-muted)]",children:K(e.detectedAt)}),(0,t.jsx)("div",{className:"mt-3 border-t border-[var(--sc-border)] pt-3",children:(0,t.jsx)(R,{findingId:e.id,status:e.status,hasFile:!!e.file,compact:!0})})]},e.id))}):(0,t.jsxs)(h.GlassCard,{className:"p-8 text-center",children:[(0,t.jsx)("p",{className:"text-sm text-[var(--sc-text-primary)]",children:"new"===_?"All clear — no findings need attention":`No ${"all"===_?"":_+" "}findings`}),(0,t.jsx)("p",{className:"mt-1 text-xs text-[var(--sc-text-muted)]",children:"new"===_?"Run an X-Ray scan or start a watcher to monitor for threats.":"Findings move here when you take action on them."})]})]})]})})}e.s(["XRayOverview",()=>O],27918)}]);

package/dist/api/events.js CHANGED Viewed

@@ -41,6 +41,8 @@ export function emitMemoryUpdated(memory) {
     memoryEvents.emit('memory_updated', { memory });
 }
 export function emitMemoryDeleted(memoryId, title) {
+    // The bare `title` is masked centrally when broadcast (deepRedactRestrictedContent
+    // scrubs every title-keyed string), so no per-emit redaction is needed here.
     memoryEvents.emit('memory_deleted', { memoryId, title });
 }
 export function emitConsolidation(result, promotedMemories = [], deletedMemories = []) {

package/dist/api/redact-response.d.ts ADDED Viewed

@@ -0,0 +1,15 @@
+import type { Request, Response, NextFunction } from 'express';
+/**
+ * Express middleware: deep-redact RESTRICTED (credential-class) memory content
+ * from every JSON response the visualization API sends.
+ *
+ * The dashboard renders in a BROWSER, so a raw credential reaching the DOM is a
+ * leak vector (screenshots, screen-shares, disk cache). Memories surface at many
+ * nesting depths across the API (`{ memories: [...] }`, recall `results[].memory`,
+ * openclaw `sessions[].memories[]`, review-queue `sections.stale[]`,
+ * `contradictions[].memoryA`), so a single response interceptor that walks the
+ * whole tree is the only way to guarantee none is missed. The row itself stays
+ * intact (title/metadata) so the owner can still see/manage it; full content
+ * remains available via the CLI, which is not a browser surface.
+ */
+export declare function redactRestrictedResponses(_req: Request, res: Response, next: NextFunction): void;

package/dist/api/redact-response.js ADDED Viewed

@@ -0,0 +1,19 @@
+import { deepRedactRestrictedContent } from '../defence/trust/read-guard.js';
+/**
+ * Express middleware: deep-redact RESTRICTED (credential-class) memory content
+ * from every JSON response the visualization API sends.
+ *
+ * The dashboard renders in a BROWSER, so a raw credential reaching the DOM is a
+ * leak vector (screenshots, screen-shares, disk cache). Memories surface at many
+ * nesting depths across the API (`{ memories: [...] }`, recall `results[].memory`,
+ * openclaw `sessions[].memories[]`, review-queue `sections.stale[]`,
+ * `contradictions[].memoryA`), so a single response interceptor that walks the
+ * whole tree is the only way to guarantee none is missed. The row itself stays
+ * intact (title/metadata) so the owner can still see/manage it; full content
+ * remains available via the CLI, which is not a browser surface.
+ */
+export function redactRestrictedResponses(_req, res, next) {
+    const originalJson = res.json.bind(res);
+    res.json = ((body) => originalJson(deepRedactRestrictedContent(body)));
+    next();
+}

package/dist/api/routes/memories.js CHANGED Viewed

@@ -1,13 +1,40 @@
 import { homedir } from 'os';
 import { join } from 'path';
 import { existsSync, readdirSync, readFileSync } from 'fs';
-import { getDatabase } from '../../database/init.js';
+import { getDatabase, withTransaction } from '../../database/init.js';
 import { searchMemories, getRecentMemories, getHighPriorityMemories, countMemories, countHighPriorityMemories, getMemoryStats, getMemoryById, addMemory, deleteMemory, accessMemory, updateMemory, mergeMemories, promoteMemory, createMemoryLink, rowToMemory, enrichMemory, } from '../../memory/store.js';
 import { calculateDecayedScore } from '../../memory/decay.js';
 import { consolidate, findDuplicateMemoryPairs, formatContextSummary, generateContextSummary, } from '../../memory/consolidate.js';
 import { getActivationStats, getActiveMemories } from '../../memory/activation.js';
 import { detectContradictions, getContradictionsFor } from '../../memory/contradiction.js';
 import { emitConsolidation } from '../events.js';
+import { guardDashboardContextSummary, RESTRICTED_CONTENT_PLACEHOLDER } from '../../defence/trust/read-guard.js';
+/** Upper bound on memories a single bulk-review call may touch (actions are reversible). */
+const MAX_BULK_REVIEW = 1000;
+/**
+ * Resolve a review action keyword into the `updateMemory` field updates. Shared
+ * by the single PATCH /api/memories/:id/review route and the bulk endpoint so the
+ * action vocabulary lives in one place. Returns null for an unknown action.
+ */
+function buildReviewUpdates(action, opts) {
+    const reviewActor = typeof opts.reviewedBy === 'string' && opts.reviewedBy.trim() ? opts.reviewedBy.trim() : 'dashboard';
+    const map = {
+        archive: { status: 'archived', reviewedBy: reviewActor },
+        suppress: { status: 'suppressed', reviewedBy: reviewActor },
+        restore: { status: 'active', reviewedBy: reviewActor },
+        pin: { pinned: true, reviewedBy: reviewActor },
+        unpin: { pinned: false, reviewedBy: reviewActor },
+        canonicalize: { status: 'canonical', pinned: true, reviewedBy: reviewActor },
+        excludeCloud: { cloudExcluded: true, reviewedBy: reviewActor },
+        includeCloud: { cloudExcluded: false, reviewedBy: reviewActor },
+        rescopeProject: { scope: 'project', project: opts.project ?? null, reviewedBy: reviewActor },
+        rescopeGlobal: { scope: 'global', project: null, reviewedBy: reviewActor },
+    };
+    const updates = map[action];
+    if (!updates)
+        return null;
+    return { ...updates, ...(opts.scope ? { scope: opts.scope } : {}) };
+}
 export function registerMemoryRoutes(app, deps) {
     const { requireNotLocked, requireIronDomeAction } = deps;
     function deriveLocalOpenClawSessionId(memory) {
@@ -251,6 +278,10 @@ export function registerMemoryRoutes(app, deps) {
                 total = countMemories(project, filters);
             }
             const hasMore = offset + limit < total;
+            // RESTRICTED content is redacted globally by the response interceptor; no
+            // per-row dropping here (the dashboard is a management surface — low-trust
+            // rows must stay visible to be triaged, and dropping post-slice would also
+            // desync total/hasMore).
             const paginatedMemories = memories.slice(offset, offset + limit);
             // Batch-load entity_ids per memory so the constellation graph client
             // can map list rows to graph nodes without an N+1 fetch.
@@ -963,7 +994,10 @@ export function registerMemoryRoutes(app, deps) {
     app.get('/api/context', requireNotLocked, async (req, res) => {
         try {
             const project = typeof req.query.project === 'string' ? req.query.project : undefined;
-            const summary = await generateContextSummary(project);
+            // Redact RESTRICTED content BEFORE formatting — the `formatted` string bakes
+            // content in, so the response interceptor (which only walks structured JSON)
+            // cannot reach it. Guarding the summary first covers both fields.
+            const summary = guardDashboardContextSummary(await generateContextSummary(project));
             res.json({
                 summary,
                 formatted: formatContextSummary(summary),
@@ -1151,7 +1185,11 @@ export function registerMemoryRoutes(app, deps) {
             const updates = {};
             if (title !== undefined)
                 updates.title = title.trim();
-            if (content !== undefined)
+            // Never persist the redaction placeholder as real content. RESTRICTED content
+            // is withheld from the browser, so a dashboard edit form can only echo the
+            // placeholder back — writing it would silently destroy the real secret. Drop
+            // a content update that is exactly the placeholder (true edits are unaffected).
+            if (content !== undefined && content !== RESTRICTED_CONTENT_PLACEHOLDER)
                 updates.content = content;
             if (category !== undefined)
                 updates.category = category;
@@ -1193,26 +1231,10 @@ export function registerMemoryRoutes(app, deps) {
             if (Number.isNaN(id)) {
                 return res.status(400).json({ error: 'Invalid memory ID' });
             }
-            const reviewActor = typeof reviewedBy === 'string' && reviewedBy.trim() ? reviewedBy.trim() : 'dashboard';
-            const actionMap = {
-                archive: { status: 'archived', reviewedBy: reviewActor },
-                suppress: { status: 'suppressed', reviewedBy: reviewActor },
-                restore: { status: 'active', reviewedBy: reviewActor },
-                pin: { pinned: true, reviewedBy: reviewActor },
-                unpin: { pinned: false, reviewedBy: reviewActor },
-                canonicalize: { status: 'canonical', pinned: true, reviewedBy: reviewActor },
-                excludeCloud: { cloudExcluded: true, reviewedBy: reviewActor },
-                includeCloud: { cloudExcluded: false, reviewedBy: reviewActor },
-                rescopeProject: { scope: 'project', project: project ?? null, reviewedBy: reviewActor },
-                rescopeGlobal: { scope: 'global', project: null, reviewedBy: reviewActor },
-            };
-            if (!action || !actionMap[action]) {
+            const updates = buildReviewUpdates(action ?? '', { reviewedBy, project, scope });
+            if (!updates) {
                 return res.status(400).json({ error: 'Unsupported review action' });
             }
-            const updates = {
-                ...actionMap[action],
-                ...(scope ? { scope } : {}),
-            };
             const updated = updateMemory(id, updates);
             if (!updated) {
                 return res.status(404).json({ error: 'Memory not found' });
@@ -1223,6 +1245,49 @@ export function registerMemoryRoutes(app, deps) {
             res.status(500).json({ error: error.message });
         }
     });
+    // Bulk review: apply one reversible review action to many memories at once, so
+    // the dashboard's large triage queues (Never Used, Noisy Auto, …) can be cleared
+    // without one round-trip per card. Mirrors the quarantine bulk-approve pattern.
+    // Reversible actions only (archive/suppress/restore/pin/…) — there is no bulk
+    // delete here. Best-effort with a per-row failure list; capped at MAX_BULK_REVIEW.
+    app.post('/api/memories/review/bulk', requireNotLocked, requireIronDomeAction({
+        action: 'modify_records',
+        channel: 'dashboard',
+        sourceIdentifier: 'dashboard:memory-review-bulk',
+        enforceAmber: true,
+    }), (req, res) => {
+        try {
+            const { ids, action, reviewedBy, project, scope } = req.body;
+            if (!Array.isArray(ids) || ids.length === 0) {
+                return res.status(400).json({ error: 'ids must be a non-empty array' });
+            }
+            const numericIds = Array.from(new Set(ids.filter((x) => Number.isInteger(x))));
+            if (numericIds.length === 0) {
+                return res.status(400).json({ error: 'ids must contain integers' });
+            }
+            if (numericIds.length > MAX_BULK_REVIEW) {
+                return res.status(400).json({ error: `Too many ids (max ${MAX_BULK_REVIEW}) — narrow the selection.` });
+            }
+            const updates = buildReviewUpdates(action ?? '', { reviewedBy, project, scope });
+            if (!updates) {
+                return res.status(400).json({ error: 'Unsupported review action' });
+            }
+            let updated = 0;
+            const failed = [];
+            withTransaction(() => {
+                for (const id of numericIds) {
+                    if (updateMemory(id, updates))
+                        updated += 1;
+                    else
+                        failed.push(id);
+                }
+            });
+            res.json({ success: true, updated, total: numericIds.length, failed });
+        }
+        catch (error) {
+            res.status(500).json({ error: error.message });
+        }
+    });
     app.post('/api/memories/:id/quarantine', requireNotLocked, requireIronDomeAction({
         action: 'modify_records',
         channel: 'dashboard',

package/dist/api/visualization-server.js CHANGED Viewed

@@ -16,6 +16,8 @@ import { getDatabase, initDatabase, checkpointWal } from '../database/init.js';
 import { DEFAULT_CONFIG } from '../memory/types.js';
 import { getRecentMemories, getMemoryStats, rowToMemory, updateDecayScores } from '../memory/store.js';
 import { calculateDecayedScore } from '../memory/decay.js';
+import { deepRedactRestrictedContent, redactRestrictedForDisplay } from '../defence/trust/read-guard.js';
+import { redactRestrictedResponses } from './redact-response.js';
 import { memoryEvents, emitDecayTick, getUnprocessedEvents, markEventsProcessed, cleanupOldEvents, } from './events.js';
 import { BrainWorker } from '../worker/brain-worker.js';
 import { isKillSwitchActive, getKillSwitchMeta, activateKillSwitch, deactivateKillSwitch } from './control.js';
@@ -300,6 +302,11 @@ export function startVisualizationServer(dbPath) {
         }
         next();
     });
+    // ── RESTRICTED content redaction ────────────────────────
+    // Deep-redact RESTRICTED (credential-class) memory content from every JSON
+    // response — the dashboard is a browser surface, so the secret must never reach
+    // the DOM. The row stays visible so the owner can manage it. See the middleware.
+    app.use(redactRestrictedResponses);
     // Token handshake — dashboard claims on load (survives page refresh)
     app.get('/api/auth/session-token', (_req, res) => {
         const token = getSessionToken();
@@ -778,9 +785,11 @@ export function startVisualizationServer(dbPath) {
         ws.on('pong', () => { ws.isAlive = true; });
         clients.add(ws);
         console.log(`[WS] Client connected. Total: ${clients.size}`);
-        // Send initial state
+        // Send initial state. The WS feed renders in the same browser surface as the
+        // REST API but does not pass through the res.json interceptor, so redact
+        // RESTRICTED content here explicitly.
         const stats = getMemoryStats();
-        const memories = getRecentMemories(100);
+        const memories = redactRestrictedForDisplay(getRecentMemories(100));
         const memoriesWithDecay = memories.map(m => ({
             ...m,
             decayedScore: calculateDecayedScore(m),
@@ -811,9 +820,11 @@ export function startVisualizationServer(dbPath) {
             catch { /* already closing */ }
         });
     });
-    // Broadcast events to all connected clients
+    // Broadcast events to all connected clients. memory_created/updated/accessed
+    // events carry the full memory in `data.memory`, so redact RESTRICTED content
+    // before it leaves over the WS (mirrors the REST response interceptor).
     function broadcast(event) {
-        const message = JSON.stringify(event);
+        const message = JSON.stringify(deepRedactRestrictedContent(event));
         for (const client of clients) {
             try {
                 if (client.readyState === WebSocket.OPEN) {

package/dist/cloud/cli.js CHANGED Viewed

@@ -1,4 +1,4 @@
-import { getCloudConfig, setCloudConfig, getCloudSyncControls, setCloudSyncControls, getDefenceMode, setDefenceMode, getVerifyConfig, setVerifyConfig, getReviewCopilotConfig, getOpenClawAutoMemory, setOpenClawAutoMemory, isProactiveRecallEnabled, setProactiveRecall, restore410Defaults, getRankerConfig, setRankerConfig, getToolResponseScanConfig, setToolResponseScanConfig, } from './config.js';
+import { getCloudConfig, setCloudConfig, getCloudSyncControls, setCloudSyncControls, getDefenceMode, setDefenceMode, getVerifyConfig, setVerifyConfig, getReviewCopilotConfig, getOpenClawAutoMemory, setOpenClawAutoMemory, isProactiveRecallEnabled, setProactiveRecall, restore410Defaults, getRankerConfig, setRankerConfig, getToolResponseScanConfig, setToolResponseScanConfig, isRevokeBySourceEnabled, setRevokeBySourceEnabled, } from './config.js';
 const VALID_RANKER_ENGINES = ['rrf', 'legacy'];
 import { syncAllGraphToCloud } from './graph-sync.js';
 import { syncAllMemoriesToCloud } from './memory-sync.js';
@@ -22,6 +22,7 @@ export function handleCloudConfig(args) {
         console.log('\nShieldCortex Configuration:');
         console.log(`  Defence Mode: ${mode}`);
         console.log(`  Tool-Output Firewall: ${toolFirewall.scanToolResponses ? toolFirewall.toolResponseMode : 'Off'}`);
+        console.log(`  Revoke-by-source: ${isRevokeBySourceEnabled() ? 'Enabled (destructive)' : 'Disabled (default)'}`);
         console.log(`  Cloud Enabled:  ${config.cloudEnabled ? 'Yes' : 'No'}`);
         console.log(`  API Key:  ${config.cloudApiKey ? config.cloudApiKey.substring(0, 12) + '...' : 'Not set'}`);
         console.log(`  Base URL: ${config.cloudBaseUrl}`);
@@ -210,6 +211,16 @@ export function handleCloudConfig(args) {
         console.log('Tool-output firewall enabled (scanning on).');
         changed = true;
     }
+    if (args.includes('--allow-revoke-by-source')) {
+        setRevokeBySourceEnabled(true);
+        console.log('Revoke-by-source ENABLED. `forget --fromSource` can now bulk-delete a source\'s memories (trust-hierarchy ACL still applies). Disable again with --disallow-revoke-by-source when done.');
+        changed = true;
+    }
+    if (args.includes('--disallow-revoke-by-source')) {
+        setRevokeBySourceEnabled(false);
+        console.log('Revoke-by-source disabled (default).');
+        changed = true;
+    }
     if (args.includes('--upsell-mute')) {
         setUpsellState({ proMuted: true });
         console.log('Pro upsell muted. Re-enable with --upsell-unmute.');
@@ -238,6 +249,7 @@ export function handleCloudConfig(args) {
         console.log('  --tool-firewall-enforce   Redact/withhold threatening tool output before the agent sees it');
         console.log('  --tool-firewall-advisory  Log tool-output threats but deliver intact (default)');
         console.log('  --tool-firewall-off / --tool-firewall-on  Disable / enable tool-output scanning');
+        console.log('  --allow-revoke-by-source / --disallow-revoke-by-source  Enable/disable destructive forget --fromSource (default: disabled)');
         console.log('  --restore-4.10-defaults  Restore pre-v4.11.0 defaults (recall on, strict interceptor, minimal preamble)');
         console.log('  --upsell-mute          Suppress the Pro upsell footer in doctor');
         console.log('  --upsell-unmute        Allow the Pro upsell footer to surface again');

package/dist/cloud/config.d.ts CHANGED Viewed

@@ -191,6 +191,16 @@ export declare function getToolResponseScanConfig(): ToolResponseScanConfig;
  * Persists tool response scanning config.
  */
 export declare function setToolResponseScanConfig(updates: Partial<ToolResponseScanConfig>): void;
+/**
+ * revoke-by-source (bulk delete all memories from a source) is a destructive
+ * mass-delete primitive. Because a prompt-injection adversary runs AS the agent
+ * at the agent's own trust, no in-band (trust) check can distinguish "the human
+ * asked" from "an injection asked". So it is gated OFF by default and can only
+ * be enabled by an out-of-band human action (editing config / the CLI flag) that
+ * a hijacked agent cannot perform.
+ */
+export declare function isRevokeBySourceEnabled(): boolean;
+export declare function setRevokeBySourceEnabled(enabled: boolean): void;
 /**
  * Returns a stable UUID for this machine.
  * Generates and persists on first call; reads from config thereafter.

package/dist/cloud/config.js CHANGED Viewed

@@ -938,6 +938,21 @@ export function setToolResponseScanConfig(updates) {
             raw.toolResponseMode = updates.toolResponseMode;
     });
 }
+// ── Revoke-by-source gate ─────────────────────────────
+/**
+ * revoke-by-source (bulk delete all memories from a source) is a destructive
+ * mass-delete primitive. Because a prompt-injection adversary runs AS the agent
+ * at the agent's own trust, no in-band (trust) check can distinguish "the human
+ * asked" from "an injection asked". So it is gated OFF by default and can only
+ * be enabled by an out-of-band human action (editing config / the CLI flag) that
+ * a hijacked agent cannot perform.
+ */
+export function isRevokeBySourceEnabled() {
+    return readRawConfig().allowRevokeBySource === true;
+}
+export function setRevokeBySourceEnabled(enabled) {
+    mutateRawConfig((raw) => { raw.allowRevokeBySource = enabled; });
+}
 // ── Device Identity ────────────────────────────────────
 /**
  * Returns a stable UUID for this machine.

package/dist/defence/audit/queries.d.ts CHANGED Viewed

@@ -21,7 +21,7 @@ export interface AgentTimelinePoint {
 export interface AuditQueryOptions {
     startTime?: string;
     endTime?: string;
-    operation?: 'write' | 'read' | 'delete' | 'update';
+    operation?: 'write' | 'read' | 'delete' | 'update' | 'revoke';
     source?: string;
     firewallResult?: FirewallResult;
     memoryId?: number;

package/dist/defence/trust/access-control.d.ts CHANGED Viewed

@@ -22,7 +22,4 @@ export interface AccessCheckMemory {
     source?: string | null;
     sensitivity_level?: string | null;
 }
-/**
- * Check whether a source has access to a memory for a given operation.
- */
-export declare function checkAccess(memory: AccessCheckMemory, source: DefenceSource, operation: 'read' | 'write' | 'delete'): AccessPolicy;
+export declare function checkAccess(memory: AccessCheckMemory, source: DefenceSource, operation: 'read' | 'write' | 'delete' | 'revoke'): AccessPolicy;

package/dist/defence/trust/access-control.js CHANGED Viewed

@@ -12,6 +12,13 @@ import { scoreSource } from './source-scorer.js';
 /**
  * Check whether a source has access to a memory for a given operation.
  */
+/** Parse a stored "type:identifier" source string back into a DefenceSource. */
+function parseStoredSource(stored) {
+    const i = stored.indexOf(':');
+    if (i === -1)
+        return { type: 'agent', identifier: stored }; // unknown shape → low-trust agent
+    return { type: stored.slice(0, i), identifier: stored.slice(i + 1) };
+}
 export function checkAccess(memory, source, operation) {
     const trust = scoreSource(source).score;
     const memorySource = memory.source || '__system:unattributed';
@@ -50,6 +57,31 @@ export function checkAccess(memory, source, operation) {
         }
         return deny('Can only delete own memories (trust ≥0.5)');
     }
+    if (operation === 'revoke') {
+        // Trust-hierarchy revoke (revoke-by-source remediation): own cleanup, OR a
+        // high-trust caller may purge a STRICTLY lower-trust source's memories.
+        // Equal/higher-trust targets are protected, so a 0.9 agent can never revoke
+        // user:direct (1.0). Single-row 'delete' stays own-only — this override is
+        // reachable only through the explicit revoke path.
+        if (isOwner && trust >= 0.5) {
+            return { canRead: true, canWrite: false, canDelete: true, writeRequiresQuarantine: false, reason: 'Owner revoke' };
+        }
+        // Fail-safe: never mass-revoke unattributed / unclassifiable memories. They
+        // have no clear owner to outrank, and a 0-trust target would be outranked by
+        // any caller — so a high-trust caller must NOT be able to sweep null-source
+        // rows by source.
+        if (!memory.source || memorySource === '__system:unattributed') {
+            return deny('Revoke denied: unattributed memories cannot be revoked by source');
+        }
+        const targetTrust = scoreSource(parseStoredSource(memorySource)).score;
+        if (targetTrust > 0 && trust >= 0.7 && trust > targetTrust) {
+            return {
+                canRead: true, canWrite: false, canDelete: true, writeRequiresQuarantine: false,
+                reason: `Trust-hierarchy revoke (caller ${trust.toFixed(2)} > target ${targetTrust.toFixed(2)})`,
+            };
+        }
+        return deny('Revoke denied: must own the source or outrank it (trust ≥0.7 and strictly > a known target source trust)');
+    }
     return deny('Unknown operation');
 }
 function allow(reason) {

package/dist/defence/trust/read-guard.d.ts CHANGED Viewed

@@ -43,3 +43,45 @@ export declare function guardReadBySensitivity(memories: Memory[]): Memory[];
 export declare function guardContextSummary(summary: ContextSummary): ContextSummary;
 /** Guard a single memory; returns null if the caller may not read it. */
 export declare function guardReadMemory(memory: Memory | null | undefined, source: DefenceSource | undefined): Memory | null;
+/**
+ * Dashboard / HTTP visualization-API read guard.
+ *
+ * The dashboard is the OWNER's surface, but it renders in a BROWSER — so raw
+ * RESTRICTED (credential-class) content there is a leak vector (screenshots,
+ * screen-shares, the browser's disk cache). Policy (REDACT, don't drop):
+ *
+ *   - RESTRICTED rows are KEPT (so the owner sees the memory exists and can
+ *     review/delete it) but their `content` is replaced with a placeholder;
+ *   - because sensitivity is classified on TITLE + CONTENT together, a secret can
+ *     also live in the title or metadata — so credential SPANS in those fields are
+ *     masked too (a benign label like "AWS deploy key" is left intact);
+ *   - low-trust / trust-0 rows are NOT dropped: the dashboard is a management
+ *     surface (its Review queue exists to triage exactly these), so the owner must
+ *     see them. Only RESTRICTED *content* is withheld, never whole rows.
+ *
+ * RESTRICTED full content remains available via the CLI (`recall`/`get_memory`),
+ * which is not a browser-render surface. Dropping quarantined rows is the MCP
+ * read-boundary's job (a subagent caller), not the owner's dashboard.
+ */
+export declare const RESTRICTED_CONTENT_PLACEHOLDER = "\uD83D\uDD12 [RESTRICTED content withheld \u2014 view via CLI]";
+/** Redact RESTRICTED memories for display (content withheld; title/metadata secret-scrubbed). */
+export declare function redactRestrictedForDisplay(memories: Memory[]): Memory[];
+/** Apply the dashboard redaction to every memory list in a context summary (used before formatting). */
+export declare function guardDashboardContextSummary(summary: ContextSummary): ContextSummary;
+/**
+ * Deep-walk an arbitrary HTTP-response payload and redact every RESTRICTED memory
+ * object it contains (withhold `content`; mask credential spans in `title` and
+ * string `metadata`), returning a redacted COPY (the input is never mutated —
+ * payloads often reference the live row cache).
+ *
+ * This is the comprehensive backstop for the visualization API: memories surface
+ * at many different nesting depths (`{ memories: [...] }`, recall
+ * `results[].memory`, openclaw `sessions[].memories[]`, review-queue
+ * `sections.stale[]`, `contradictions[].memoryA`), so guarding each route by hand
+ * would inevitably miss one. A single response interceptor that walks the whole
+ * tree cannot. It does NOT reach content already baked into a pre-rendered string
+ * (e.g. `/api/context`'s `formatted`) or bare title fields stripped of their
+ * sensitivity label (the contradictions endpoints, the `memory_deleted` event) —
+ * those are scrubbed at their own surface.
+ */
+export declare function deepRedactRestrictedContent<T>(value: T, seen?: WeakSet<object>): T;