Changelog

Defence pipeline hardening — wired skill scanner threat patterns into write-time pipeline.

• + Skill threat patterns at write-time — the firewall now blocks the seven skill scanner categories on every memory write, not just on demand: tool_injection, scope_escalation, data_exfiltration, persistence, supply_chain, agent_manipulation, and stealth_instruction.
• + Decoded content re-scan expanded — base64/hex payloads are now re-checked against credential detection and the seven skill threat patterns, not just the legacy injection set.
• + Path traversal protection — /api/skills/scan rejects ../ escapes before touching the filesystem.

Proactive Recall, self-update CLI, OpenClaw plugin hardening, and database resilience improvements.

• + Proactive Recall — relevant memories auto-injected into every conversation before the model responds. FTS5 + category boost in under 100ms. Works with Claude Code and OpenClaw.
• + shieldcortex update — new CLI command to check for and install the latest version.
• + Clickable dashboard — stat cards, hygiene numbers, and quality items navigate to the relevant view on click. Review focus wiring auto-scrolls to the right section.
• + Cloud sync actions — Clear Failed button in the warning banner. Honest messaging for dead-letter failures instead of "healthy with failed history".
• ~ Database resilience — auto-reconnect when the live DB file is replaced during recovery. Stale backup cleanup on startup. Precision fix for threshold comparisons.
• ~ OpenClaw plugin hardened — removed child_process dependency for scanner compatibility. Auto-migrate stale hook registrations. Plugin reinstall handles existing directories automatically.
• ~ Quality API aligned — duplicate counts now match between stat cards and review queue. SKILL.md rewritten for ClawHub scanner transparency.

Constellation Graph, Review Queue redesign, X-Ray accuracy, cloud sync diagnostics, and 13 bug fixes.

• + Constellation Knowledge Graph — cluster-based view with coloured nebula halos, bloom-on-click drill-down, and cross-cluster ghost links.
• + Review Queue redesign — card-based flow with Keep/Suppress/Archive actions, slide animations, and progress bar.
• + X-Ray accuracy — eliminated 98% of false positives with path exclusions, header-only polyglot checks, and code-aware obfuscation detection.
• + Cloud sync diagnostics — clear failed items, manual refresh, save feedback, replication status cards.
• ~ Auth token race conditions, WebSocket reconnect, graph search limits, button defaults, keyboard accessibility, and 8 more fixes.

Finding lifecycle, X-Ray findings dashboard, dashboard redesign with dark theme, and watch mode improvements.

• + Finding Lifecycle — X-Ray findings now have persistent status (new, reviewed, ignored, resolved, quarantined) with review, ignore, resolve, quarantine, and delete actions.
• + Findings Tab — new tab in X-Ray with status filters, stats summary, and action buttons on every finding.
• + Dashboard Redesign — OpenClaw-inspired dark theme with coral/cyan accents, glassmorphic cards, simplified navigation from 18 routes to 5 tabbed sections.
• + Real-time Alerts — watch detections broadcast via WebSocket with toast notifications in the dashboard.

X-Ray — a new product module for inspecting packages, files, and plugins for hidden risk.

• + X-Ray Scanner — shieldcortex xray <target> scans local files, directories, and npm packages for eval/exec, shell execution, AI directives, prompt injection, steganography, obfuscation, unicode tricks, network beacons, persistence hooks, and dependency risk.
• + Trust Score — 0–100 score with SAFE / LOW / MEDIUM / HIGH / CRITICAL risk levels.
• + Deep npm scan — --deep flag pulls registry metadata for full package analysis (Pro).
• + Output formats — --json and --markdown for scripting and reports.