Skip to main content
Open source

ShieldCortex

Structured memory security for AI agents

ShieldCortex v4.8.2 gives AI agents proactive recall, X-Ray scanning, structured memory, cloud replica sync, and incident replay — all behind a 6-layer defence pipeline you can inspect, review, and control.

Get Started FreeView on GitHub
Injection ScanPattern MatchEntropy CheckIron DomeQuarantineMemory StorememoryinjectBLOCKEDinputstored
6-layer pipelineSafe memoryBlocked threat

Features

What it does.

Inspectable Memory

See what the agent stored, where it came from, and what it would recall next. Capture, Recall, Review, and graph views turn memory into an operator-controlled workflow.

Proactive Recall

Memories are automatically recalled and injected into every conversation — before the model responds. No more repeated mistakes. FTS5 + category boost in <100ms.

Memory Poisoning Defence

Every memory write passes through a 6-layer defence pipeline covering prompt injection, encoding tricks, fragmentation, anomaly scoring, sensitivity, and credential leakage before it lands.

Iron Dome Behavioural Protection

Agent-aware security that controls what your AI can do, not just what it remembers. Injection scanning, action gates, PII guard, and emergency kill switch.

MCP-Native Workflows

Works as a standalone MCP memory server or integrates with OpenClaw, Claude Code, VS Code, Cursor, and Codex through the shared MCP config.

X-Ray Scanner

Deep file and dependency analysis for prompt injection, steganographic payloads, obfuscated code, credential leaks, risky packages, and CI gatekeeping before bad code lands.

Operator Review Workflows

Suppress, archive, pin, canonicalize, merge, and replay. Teams can investigate incidents, review suspicious memory, and keep future recall under control instead of trusting a black box.

Open Source + 14-Day Pro Trial

Free and open source under the MIT licence. Every new install also unlocks a 14-day Pro trial for custom policies, verification, and audit export before you ever need a licence key.

Structured Memory Types

v4 organises memory into four typed categories — user preferences, feedback from corrections, project context, and reference knowledge — so recall is always scoped to the right kind of information.

Staleness Scoring & Decay

Memories age. v4 applies time-based decay scoring so stale entries sink in relevance, with operator warnings when recalled memories are old enough to be unreliable.

LLM-Powered Reranking

Hybrid recall combines vector similarity with an LLM reranking pass, surfacing the most contextually precise memories instead of just the nearest embeddings.

Dream Mode Consolidation

Run shieldcortex consolidate to trigger background memory consolidation — like sleep for your AI. Dream mode merges duplicates, resolves contradictions, and strengthens important memories offline.

Memory Scopes

Private and team scopes let multi-agent fleets share project context while keeping per-agent preferences isolated. Control exactly what crosses the boundary.

Cloud Replica Sync

Opt-in local-to-cloud replication for memories and graph data, with queue diagnostics, per-project controls, and shared visibility for teams running across multiple devices.

Positive Feedback Capture

v4 doesn't just learn from mistakes. It captures confirmations, successes, and explicit praise so agents reinforce what works — not only what went wrong.

Smart Save Filtering

Before a memory is written, v4 checks whether it's derivable from existing entries or redundant. Duplicate and low-value information is blocked at the gate, keeping memory lean.

How it works

3 simple steps.

1

Capture

Install ShieldCortex and let your agent start storing durable memory with provenance, trust scoring, and source visibility instead of scattered markdown and hidden prompts.

2

Inspect

Use Capture, Recall, and Review to see what the agent stored, what it would retrieve, and what should be suppressed, merged, archived, or marked canonical.

3

Protect

Every memory write is scanned through all six layers. Iron Dome gates risky behaviour. Cloud teams then use Device Doctor, Verify, Replay, and Review to investigate incidents and remediate them.

See It In Action

Watch ShieldCortex block a prompt injection and privilege escalation in real time.

Also on X/Twitter

Pricing

Simple, transparent pricing.

Free

£0

Unlimited local scans, no cloud required

  • Full 6-layer defence pipeline
  • Iron Dome (built-in profiles)
  • Credential leak detection (39 patterns)
  • Local dashboard
  • Proactive recall (FTS5 + category boost, <100ms)
  • MCP memory system + knowledge graph
  • Structured memory types (user, feedback, project, reference)
  • Staleness scoring & decay
  • Smart save filtering
  • X-Ray scanner
  • Agent hooks (OpenClaw, Claude Code, Cursor)
Recommended

Pro

£29/mo

Local licence key after an automatic 14-day Pro trial

  • Everything in Free
  • Custom injection patterns (up to 50)
  • Custom Iron Dome policies
  • Custom firewall rules
  • LLM verification (AI-powered scan review)
  • LLM-powered reranking
  • Dream mode consolidation
  • Positive feedback capture
  • Audit export (JSON/CSV)
  • Webhooks + memory expiry rules
  • Priority email support

Team

£99/mo

Cloud sync, unlimited members

  • Everything in Pro
  • Memory scopes (private + team)
  • Cloud audit sync across devices
  • Device Doctor posture and heartbeat diagnosis
  • Incident Replay exports and share links
  • LLM Verify workspace with scope-aware onboarding
  • Editable API key scopes on existing keys
  • Headless worker support for always-on servers

Enterprise

Custom

Self-hosted, SLA, compliance

  • Everything in Team
  • Self-hosted deployment
  • SIEM integration
  • Compliance exports
  • Volume licensing + SSO
  • Dedicated support + SLA

Frequently Asked Questions

Does ShieldCortex require a cloud account?+
No. The Free and Pro tiers run entirely on your machine with no cloud, no account, and no telemetry. The Team tier adds optional cloud replica sync for memories, graph data, audit logs, and multi-device visibility. To connect a workstation or server to Cloud, activate the Team licence locally, set the Cloud API key, enable cloud sync, and run the persistent worker on always-on machines so ShieldCortex can send heartbeats.
How does the 6-layer defence pipeline work?+
Every memory write passes through six layers in sequence: input sanitisation (strips control characters), pattern detection (regex-based prompt injection firewall), sensitivity classification (PUBLIC through RESTRICTED), fragmentation detection (cross-references recent entries), trust and anomaly scoring (source-based with automatic decay), and credential leak detection (39 patterns across 19 providers).
What is ShieldCortex best at?+
ShieldCortex is strongest when you need an AI agent to keep useful memory without letting untrusted memory become future truth. Its core value is memory security: inspect what was stored, see what will be recalled, review suspicious or contradictory memory, and block poisoning before it spreads. v4.8.2 combines proactive recall with X-Ray scanning, structured memory, cloud replica sync, incident replay, dream mode consolidation, and smart save filtering to keep memory clean and operationally useful.
What is Iron Dome?+
Iron Dome is the behavioural protection layer included free with ShieldCortex. It controls what your AI agent can do — not just what it remembers. It includes injection scanning, action gates, PII protection, emergency kill switch, and four built-in security profiles (personal, school, enterprise, paranoid).
Which AI tools does ShieldCortex integrate with?+
ShieldCortex works with OpenClaw (native hook), Claude Code (MCP memory server), VS Code and Cursor (MCP integration), and Codex (shared Codex config). It can also guard any memory backend via the universal memory bridge scan() API.
How do Cloud API key scopes work?+
Cloud keys are scope-based. Teams can now edit an existing key instead of revoking and recreating it. Typical sync devices use scan and audit. Add verify when you want the Verify workspace to receive LLM verification jobs. Keep keys and admin scopes for humans rather than unattended devices.
What does Incident Replay actually show?+
Replay is an incident and event reconstruction surface, not a full chat-session movie. It focuses on audit, verify, sync ingest, and synced memory events that matter for investigation, then lets you export reports, scope by device or project, and jump into Review, Capture, or Graph.
What's new in v4.8.2?+
v4.8.2 reflects the current ShieldCortex platform: proactive recall, X-Ray scanner coverage for files and dependencies, cloud replica sync, incident replay, structured memory types, staleness scoring, LLM-powered reranking, dream mode consolidation, memory scopes, positive feedback capture, webhooks, expiry rules, and headless worker support for always-on servers. In short: it is no longer just memory storage with protection bolted on. It is an operator-grade memory security system.

Secure Your AI Agent Memory with v4.8.2

Proactive recall, X-Ray scanning, cloud replica sync, and structured memory controls. Open source, MIT licensed. Get started in under a minute.

Get Started Free