Iron Dome
Behaviour Protection for AI Agents
The defence pipeline protects your agent's memory. Iron Dome protects your agent's actions. Prompt injection scanning, instruction gating, action approval, PII protection, and emergency stop — activate in one command.
Quick Start
Two commands. Under a minute.
Install the package globally
Activate Iron Dome with a built-in profile
Or choose: enterprise, personal, paranoid
Dual-Layer Security Model
Two pillars. Complete coverage. Memory in, behaviour out.
```
  INBOUND (Memory)           OUTBOUND (Behaviour)
┌───────────────────┐     ┌───────────────────────┐
│  6-Layer Defence  │     │       Iron Dome       │
│  Pipeline         │     │                       │
│                   │     │ ▸ Injection Scanner   │
│ ▸ Sanitisation    │     │ ▸ Instruction Gateway │
│ ▸ Pattern Detect  │     │ ▸ Action Gate         │
│ ▸ Semantic Check  │     │ ▸ PII Guard           │
│ ▸ Structural Val  │     │ ▸ Kill Switch         │
│ ▸ Behavioural     │     │ ▸ Sub-Agent Control   │
│ ▸ Credential Scan │     │                       │
└───────────────────┘     └───────────────────────┘
 Protects memory from      Protects behaviour from
 poisoning                 compromise
```
Six Capabilities
Every layer works independently. Together, they form a complete behavioural shield.
Prompt Injection Scanner
40+ patterns across 8 categories detect fake system messages, authority claims, credential extraction, encoding tricks, and more. Returns severity and risk level.
Instruction Gateway
Validates that instructions come from trusted channels. Terminal and CLI are trusted by default. Email, API, and untrusted sources are blocked.
Action Gate
Controls what your agent can do. Actions are auto-approved, require human approval, or blocked entirely. Configure per-profile.
PII Guard
Prevents output of protected personal data. Categories can be set to "never output" or "aggregates only" (totals and averages permitted).
Kill Switch
Emergency stop. When the trigger phrase is detected (default: "cortex halt"), memory creation pauses instantly while Iron Dome stays active. Resume via the dashboard when ready. Customise the phrase with a Pro licence.
Sub-Agent Control
Restrict what spawned sub-agents can do. Block dangerous operations and optionally sanitise context passed to child agents.
Built-in Profiles
Pre-configured security postures for common use cases. Activate instantly, customise later.
School Profile
For schools handling pupil data under GDPR and the UK Data Protection Act.
Trusted Channels
Terminal, CLI
PII Never Output (12 categories)
Pupil names, DOB, address, parent/guardian names, medical info, SEN status, FSM status, ethnicity, religion, national insurance, phone, email
PII Aggregates Only
Attendance, grades, behaviour points, exclusions
Requires Approval
Send email, delete file, API call, export data, share data, modify records, create report
Sub-Agent Blocks
Export pupil data, bulk email, modify safeguarding
Enterprise Profile
For companies handling financial and employee data.
Trusted Channels
Terminal, CLI, Slack
PII Never Output
Credit cards, bank accounts, SSN, tax ID, salary, compensation
PII Aggregates Only
Revenue, expenses, headcount
Requires Approval
Send email, delete file, API call, purchase, transfer funds, modify permissions, deploy, export data
Sub-Agent Blocks
Export financial data, modify payroll
Personal Profile
For individual developers with personal agents.
Trusted Channels
Terminal, CLI, Telegram, email
PII Never Output
Passwords, credit cards, bank accounts
Requires Approval
Send email, purchase, transfer funds, delete file
Paranoid Profile
Zero trust. Maximum security. Every action gated.
Trusted Channels
Terminal only
PII Never Output (9 categories)
Passwords, credit cards, bank accounts, SSN, tax ID, DOB, address, phone, email
PII Aggregates Only
Salary, revenue, expenses
Requires Approval (14 action types)
Create file, modify file, run script, network request, install package, send email, delete file, API call, purchase, transfer funds, modify permissions, deploy, export data, share data
Sub-Agent Blocks
Export data, network request, install package
Code Examples
Use Iron Dome programmatically in your application.
```javascript
import { activateIronDome, scanForInjection, isActionAllowed, checkPII } from 'shieldcortex';

// 1. Activate Iron Dome
activateIronDome('school');

// 2. Scan incoming text for prompt injection
const scan = scanForInjection(userInput);
if (!scan.clean) {
  console.log('Blocked: ' + scan.summary);
  // → "2 injection patterns detected (CRITICAL)"
}

// 3. Gate actions before executing
const action = isActionAllowed('send_email');
if (action.decision === 'requires_approval') {
  console.log(action.reason);
  // → "Action send_email requires human approval"
}

// 4. Check output for PII
const pii = checkPII('Student: John Smith, DOB: 15/03/2012');
if (!pii.allowed) {
  console.log(pii.violations);
  // → [{category: 'student_name', rule: 'never_output'}, ...]
}
```
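The three checks above are independent calls, so the caller decides what happens when one fails. The following is an added example, not ShieldCortex code, showing one way to chain them so that the side effect runs only after every check passes. `guardedAction`, `stubGuards`, `payload`, `approve` and the `'allowed'` / `'blocked'` decision values are assumptions made for illustration; only `'requires_approval'` appears on this page.

```javascript
// Added illustration, not ShieldCortex code. `guards` carries the three
// functions from the page; result fields (clean, summary, decision, reason,
// allowed, violations) are as shown there. 'allowed' is an ASSUMED value.
function guardedAction(guards, { input, action, payload, run, approve }) {
  // 1. Inbound: refuse to act on text that trips the injection scanner.
  const scan = guards.scanForInjection(input);
  if (!scan.clean) return { status: 'blocked', stage: 'scan', detail: scan.summary };

  // 2. Action gate: proceed only on explicit allow or a human approval.
  const gate = guards.isActionAllowed(action);
  if (gate.decision === 'requires_approval') {
    if (!approve || approve(action, gate.reason) !== true) {
      return { status: 'pending_approval', stage: 'gate', detail: gate.reason };
    }
  } else if (gate.decision !== 'allowed') {
    // Any other or unrecognised decision is denied rather than guessed at.
    return { status: 'blocked', stage: 'gate', detail: gate.reason };
  }

  // 3. Outbound: check the text that would leave the agent before it does.
  const pii = guards.checkPII(payload);
  if (!pii.allowed) return { status: 'blocked', stage: 'pii', detail: pii.violations };

  // 4. Only now perform the side effect.
  return { status: 'ok', result: run(payload) };
}

// Constructed stand-ins for the library so the example runs offline.
const stubGuards = {
  scanForInjection: (text) => /ignore (all )?previous instructions/i.test(text)
    ? { clean: false, summary: '1 injection pattern detected' }
    : { clean: true, summary: '' },
  isActionAllowed: (name) => name === 'send_email'
    ? { decision: 'requires_approval', reason: `Action ${name} requires human approval` }
    : name === 'read_file'
      ? { decision: 'allowed', reason: '' }
      : { decision: 'blocked', reason: `Action ${name} is blocked` },
  checkPII: (text) => /Student:/.test(text)
    ? { allowed: false, violations: [{ category: 'student_name', rule: 'never_output' }] }
    : { allowed: true, violations: [] },
};
```

In a real integration, pass the functions imported from `'shieldcortex'` as `guards` in place of `stubGuards`.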
CLI Reference
MCP Tools
| Tool | Description |
|---|---|
| iron_dome_status | Check if Iron Dome is active and view config |
| iron_dome_scan | Scan text for prompt injection patterns |
| iron_dome_check | Check if an action is allowed, optionally with channel |
| iron_dome_activate | Activate Iron Dome with an optional profile |
Works Alongside the Defence Pipeline
Iron Dome works alongside the existing 6-layer defence pipeline. Both are local, free, and require no cloud connection. Iron Dome events appear in your audit log and can be synced to ShieldCortex Cloud for team visibility.
Protect Your Agent's Behaviour
Two commands. Instant protection. Free and local.