Dashboard Guide
A view-by-view walkthrough of the ShieldCortex local dashboard. For CLI commands, API integration, and hook setup, see the Docs.
Getting Started
Launch the dashboard with a single command:
To start the dashboard automatically on login:
Layout
The dashboard is a single-page application with four main areas:
- Top bar — project selector, search input with autocomplete, filter toggle, and connection status indicator
- Filter bar (collapsible) — type filters (short-term, long-term, episodic) and category filters (architecture, pattern, error, learning, preference, context)
- Left nav rail — 8 view buttons with icons and badge counts (e.g. blocked threat count on Shield)
- Main content area — the active view, with smooth transitions when switching
Tip
If all stats show zero when you first open the dashboard, your hooks aren't installed yet. Run npx shieldcortex setup to auto-detect your agent and configure hooks.
Shield View
Your default view — a real-time overview of your defence posture.
What you'll see
- Pipeline Status — the 6-layer defence pipeline with per-layer health indicators. A yellow alert appears if config integrity (HMAC) checks fail, which auto-switches to strict mode.
- Threat Timeline — recent scan activity plotted over time, showing allowed, blocked, and quarantined results.
- Defence Stats — counts of allowed, blocked, and quarantined items since the dashboard was started.
- Quarantine Preview — the most recent quarantined items with quick-action buttons.
- Cloud Upsell — if cloud sync isn't configured, a card guides you through the signup flow. Once connected, it shows sync status.
- Skills Scanner Card — quick-access button to scan your agent instruction files for threats.
- OpenClaw Memory Panel — if the OpenClaw hook is installed, a panel for controlling auto-memory settings: toggle auto-memory on/off, enable deduplication, adjust the novelty threshold, and set the max recent memory count.
Key actions
- Click a quarantine preview item to jump to the Quarantine view with that item selected.
- Use the defence mode dropdown to switch between strict, balanced, and permissive modes.
- Use the OpenClaw Memory Panel to adjust auto-memory settings without editing config files.
Tip
The pipeline status updates in real time via WebSocket. If the connection drops, it falls back to polling every 30 seconds. Watch the status dot in the top bar — green means connected, yellow means polling.
Audit Log
Every memory operation that passes through the defence pipeline is logged here.
What you'll see
- Log table — rows showing timestamp, source, content preview, firewall result, and trust score. Results are colour-coded: green (ALLOW), red (BLOCK), yellow (QUARANTINE).
- Filter controls — filter by time range, source type, and firewall result.
- Detail panel — click any row to open a slide-out panel showing full entry details: result badge, sensitivity level, source, trust score, anomaly score, and detected indicators.
Key actions
- Click a row to inspect full details in the side panel.
- Use the filter dropdowns to narrow results by time, source, or result type.
Tip
Press Escape to close the detail panel. Use ↑ and ↓ to navigate between rows.
Quarantine
Items flagged by the defence pipeline as suspicious but not outright blocked. You decide whether to approve or reject them.
What you'll see
- Status tabs — filter between pending, approved, and rejected items.
- Item cards — each card shows the content, source, anomaly score, and threat indicators detected.
Key actions
- Approve — releases the item into memory storage.
- Reject — permanently discards the item.
- Bulk actions — select multiple items for batch approve or reject.
Tip
Bulk reject requires typing YES to confirm — this prevents accidental mass deletion. Individual approvals and rejections don't require confirmation.
Skills Scanner
Scans your agent instruction files (skills, rules, hooks) for security threats like prompt injection and unicode backdoors.
What you'll see
- File list — all detected instruction files with their scan status and finding count.
- Finding details — click a file to see individual findings with severity badges (critical, high, medium, low, info).
Key actions
- Scan — click the scan button to run a fresh scan of all instruction files.
- Click a file to expand its findings and see descriptions, matched patterns, and remediation guidance.
Tip
You can also scan from the CLI with npx shieldcortex scan-skills or run a full environment audit with npx shieldcortex audit.
Memories
Browse, search, and manage all memories stored in your local database.
What you'll see
- Memory cards — each memory displayed with its title, category, type (short-term / long-term / episodic), salience score, and creation date.
- Memory count — total number of memories matching current filters.
- View toggle — switch between grid and list layouts.
Key actions
- Search — use the top bar search to find memories by content (semantic search).
- Filter — use the filter bar to narrow by type (short-term, long-term, episodic) and category (architecture, pattern, error, etc.).
- Sort — sort by date, salience, or category using the dropdown.
- Delete — select memories for individual or bulk deletion.
- Reinforce — click a memory to mark it as accessed, which boosts its salience score and delays decay.
Tip
Memories decay over time based on the consolidation algorithm. Regularly accessed memories maintain higher salience. Use the Consolidate button in the control panel to trigger memory consolidation manually — this promotes short-term memories to long-term and decays stale ones.
3D Brain
A three-dimensional visualisation of your memory space. Each memory appears as a glowing node positioned by category and relationship.
What you'll see
- Memory nodes — spheres sized by salience and coloured by category. Brighter nodes have higher salience.
- Neural pathways — lines connecting related memories, showing how knowledge links together.
- Core sphere — the central brain mesh that pulses with activity.
- Inspector panel (right side) — click any node to see its full content, metadata, health score, and decay status.
- Activity feed — recent memory events scrolling at the bottom.
Key actions
- Rotate — click and drag to orbit around the brain.
- Zoom — scroll wheel to zoom in and out.
- Inspect — click a memory node to view its details in the inspector panel.
Tip
The 3D view uses Three.js and loads dynamically. If performance is slow, try reducing the number of visible memories using the type and category filters in the filter bar.
Knowledge Graph
A relationship graph showing how entities (people, tools, concepts, files) connect across your memories.
What you'll see
- Entity nodes — each extracted entity displayed as a node, sized by how many memories reference it.
- Relationship edges — lines between entities showing how they relate (references, extends, contradicts, related).
Key actions
- Navigate — click and drag to pan, scroll to zoom.
- Inspect — click an entity to see all memories that reference it.
Tip
If the graph is empty, run npx shieldcortex graph backfill to extract entities from existing memories.
Agents
Monitor the trust status and activity of all AI agents interacting with your memory system.
What you'll see
- Agent hierarchy — agents grouped by trust level with visual indicators.
- Trust timeline — how each agent's trust score has changed over time.
- Flagged operations — recent operations from any agent that triggered defence alerts.
- Alert feed — real-time stream of agent-related security events.
Key actions
- Click an agent to see its full activity history and trust breakdown.
- Review flagged operations to understand why specific actions were blocked or quarantined.
Search & Filters
The global search and filter system works across all views.
Search
- Type in the top bar search field to find memories by content. Search is debounced (300ms) with autocomplete suggestions.
- Results use semantic search powered by an embedded language model — you don't need exact keyword matches.
Filters
Toggle the filter bar with the filter icon in the top bar. Two filter dimensions:
| Filter | Options |
|---|---|
| Type | short_term, long_term, episodic |
| Category | architecture, pattern, error, learning, preference, context |
Project selector
Use the project dropdown in the top bar to filter memories by project scope, or select "All" to see everything.
Defence Modes
ShieldCortex runs in one of three modes that control how aggressively the defence pipeline responds to suspicious content.
| Mode | Behaviour | Best for |
|---|---|---|
| strict | Blocks aggressively on any suspicion | Untrusted sources, production environments |
| balanced | Default — blocks clear threats, quarantines ambiguous content | Most use cases |
| permissive | Logs everything but rarely blocks | Trusted environments, debugging |
Change the mode from the dashboard dropdown on the Shield view, or from the CLI:
The mode persists across restarts. It's stored in ~/.shieldcortex/config.json.
Tip
If config tampering is detected (HMAC integrity check failure), ShieldCortex automatically switches to strict mode and displays a warning on the Shield view. This prevents compromised agents from lowering your defences.
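The fail-closed behaviour described in this tip, sketched as an added example (not ShieldCortex's own code): an HMAC-SHA256 tag over the config file's bytes is verified before the mode is read, and any mismatch or parse error resolves to strict. The function names, the key handling, and the `mode` field name are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

const MODES = ["strict", "balanced", "permissive"];

// Hypothetical helper: tag the exact bytes of the config file with HMAC-SHA256 (hex).
function signConfig(configBytes, key) {
  return crypto.createHmac("sha256", key).update(configBytes).digest("hex");
}

// Hypothetical helper: decide which mode to run in.
// Any integrity, parse, or validation failure yields "strict" plus a warning.
function effectiveMode(configBytes, storedTagHex, key) {
  const expected = Buffer.from(signConfig(configBytes, key), "hex");
  const stored = Buffer.from(String(storedTagHex), "hex");
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  const intact = stored.length === expected.length &&
    crypto.timingSafeEqual(stored, expected);
  if (!intact) {
    return { mode: "strict", warning: "config integrity check failed" };
  }
  try {
    const mode = JSON.parse(configBytes.toString("utf8")).mode; // assumed field name
    if (MODES.includes(mode)) return { mode, warning: null };
    return { mode: "strict", warning: "unknown mode in config" };
  } catch {
    return { mode: "strict", warning: "config is not valid JSON" };
  }
}

// Constructed sample data: a signed config, then the same tag over edited bytes.
const key = Buffer.from("constructed-demo-key-not-a-real-secret");
const original = Buffer.from('{"mode":"balanced"}');
const tag = signConfig(original, key);
const tampered = Buffer.from('{"mode":"permissive"}');

console.log(effectiveMode(original, tag, key));
console.log(effectiveMode(tampered, tag, key));
```

A check of this kind only holds if the HMAC key is stored where the monitored agent cannot read or write it; an agent that can reach the key can re-sign an edited config.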
Cloud Sync
Connect your local dashboard to ShieldCortex Cloud for centralised audit logs, team visibility, and a hosted dashboard.
Connecting
Two ways to connect:
- From the dashboard — click the Cloud Upsell card on the Shield view. Enter your email, check your inbox for the magic link, and click it. The dashboard auto-configures itself.
- From the CLI — if you already have a Team licence key and Cloud API key:
Headless servers
For Linux servers, cloud VMs, CI runners, and always-on boxes, add the persistent worker after connecting Cloud:
In the Cloud dashboard, online means a recent ShieldCortex heartbeat, not just that the machine itself is powered on.
Status indicators
- Green — connected and syncing
- Yellow — polling / reconnecting
- Orange — paused
- Red — disconnected / error
What syncs
- Metadata only — scan results, trust scores, and threat classifications. No memory content ever leaves your machine.
- Fire-and-forget — sync happens asynchronously and never blocks your agent. If the network is down, the scan still completes locally.
- Automatic retry — failed syncs are queued with exponential backoff and retried automatically.
For full Cloud documentation including team management, API reference, and pricing, see the Cloud section in Docs.