Keystroke dynamics, mouse trajectory R², scroll patterns, touch events, form-fill timing, page-dwell — 28 real-time signals fed into the local scorer and backend scoring pipeline.
The age of vibe coding and agents calls for a smarter shield.
In a world where anyone can launch a website in an afternoon, and bots, scraping agents and prompt-injection attacks scale overnight, the first layer of defence has to learn as fast as the attackers. Corpilus Shield is an AI layer in front of your forms, LLM chats, MCP tools and data sources that blocks an attack before it touches your logic.
Attackers got AI. Your forms and chatbots did not.
Vibe-coded websites, no-code e-shops and half-finished LLM integrations go to production faster than any security team can audit them. Meanwhile attackers scale Playwright-stealth, pay cents per solved CAPTCHA and chain LLMs until they coax system instructions or customer data out of your prompt.
Generic WAFs see HTTP packets. reCAPTCHA sees a token. Neither understands the intent of an agent that submits your support form, steals a token or prompt-injects your own AI to coax out the customer database. Corpilus Shield understands it, and learns from every attempt, across all tenants.
A self-learning AI layer in front of everything you run.
Built as an extension of the Corpilus AI brain: the same engine that answers your team now also guards your entry points. Real-time signals, cross-tenant learning, transparent audit.
AI-native, not a regex box
A baseline from OWASP and 85 attack embeddings, supplemented by an AI analyser that creates new rules every 15 minutes based on real attempts.
One brain, multiple surfaces
The same Shield protects your forms, login pages, LLM chats, MCP tools, file uploads and SQL data sources. One dashboard, one audit log.
Plug-and-play
One <script> tag and 3 lines of backend middleware (Python, Node, PHP). No DNS re-point. No TLS termination. Coexists with your CDN, WAF and analytics.
Accessible to SMBs
Enterprise-grade defence at SaaS prices. Start for free, scale with traffic. You pay for real protection, not for per-request magic.
What Shield actually does.
Every feature below is live, measured in production and documented in the customer dashboard. All signals can be tuned per site.
Canvas, WebGL, audio context, font detection, navigator fingerprinting fused into a SHA-256 device hash. Detects headless browsers and anti-detect tools.
Flags concrete mismatches a real human never exhibits: Chrome UA with missing window.chrome, Windows UA on Linux platform, empty navigator.languages, outerWidth=0, headless default resolutions, navigator.webdriver=true. +12 per signal, cap +40.
Redis snapshot (4 h TTL) of device_hash, webgl_renderer, user_agent, timezone, screen_resolution at session start. Sensitive events (login, form submit, checkout) compare the live fingerprint; drift adds +40/+25/+20/+15/+10 respectively.
OpenAI- and Anthropic-compatible base URL. Shield scans every prompt before forwarding and every completion before returning, blocks on policy hit, strips PII / secrets on stream.
Embedding-based detection across 14 attack categories. "Disregard earlier directives" ≈ "Ignore previous instructions" at cosine 0.70. Thresholds: ≥0.82 block, ≥0.68 challenge. Ollama-local embeddings — zero per-request API cost.
Tool-call interception for Claude / Cursor / IDE agents. JSON Schema validation of arguments, chain-step limit 50, domain allowlist, explicit approval gates on destructive tools. Inspects every invocation against agent-protection rules before execution.
40+ patterns scanning input + output + tool calls before / after the model runs. Runs alongside the Semantic Firewall for layered defence.
5 tools exposed via MCP: shield_get_stats, shield_get_threats, shield_add_rule, shield_get_events, shield_verify_token. Let your Claude / Cursor agent investigate and act on incidents without leaving the chat.
AST-parsed SQL validation. Blocks UNION, INTO OUTFILE, pg_sleep, information_schema. LIMIT capped at 1000. Sensitive columns (password, api_key, ssn) auto-redacted. Query fingerprinting and honeytoken trap tables.
Wallet detection: BTC (P2PKH/Bech32), ETH, SOL, TRX, XRP, LTC, DOGE. BIP-39 seed phrase scanning (12/24 word). Signing prompts (EIP-712). 14 mining domains blocked. Payment redirect patterns.
Bigram gibberish detection (EN / DE / CS / SK / ES), 100+ disposable email domains, spam patterns (repeated chars, ALL CAPS, URL flood), suspicious name detection. Additive scoring: gibberish +15, disposable email +25, multi-field cluster bonus.
check_upload() accepts form_fields. When a file upload is accompanied by form data (title, description, name, message), Content Quality Scoring runs on those fields too. A clean PDF with "test / asdf / qwerty" metadata still gets rejected at score ≥ 25.
Every file passes a quarantine gate — extension allowlist, magic-byte MIME sniffing, Office macro detection, PDF JavaScript / Launch / OpenAction, SVG / HTML script injection. Per-tenant max size and extension list.
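A minimal sketch of the first stages of such a gate (extension allowlist, magic-byte check, PDF active-content keys), added here as an example and not Corpilus code. The function names, reason strings and the three-type magic table are assumptions; Office macro and SVG/HTML checks are left out, and compressed object streams are not inspected.

```python
import re

# Constructed table: leading bytes expected for each allowed extension.
MAGIC = {".pdf": b"%PDF-", ".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff"}
PDF_ACTIVE = (b"/JavaScript", b"/JS", b"/Launch", b"/OpenAction")

def _decode_pdf_names(data):
    # PDF names may hide letters as #xx hex escapes, e.g. /J#61vaScript,
    # so normalise them before matching keys.
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)

def quarantine_check(filename, data, allowed=(".pdf", ".png", ".jpg")):
    """Return a list of rejection reasons; an empty list means pass."""
    # Only the last extension counts, so "invoice.pdf.exe" is ".exe".
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in allowed:
        return ["extension_not_allowed"]
    reasons = []
    # Content must match the claimed type, not just the file name.
    if not data.startswith(MAGIC.get(ext, b"")):
        reasons.append("magic_mismatch")
    if ext == ".pdf":
        decoded = _decode_pdf_names(data)
        for key in PDF_ACTIVE:
            # Lookahead keeps /JS from matching inside a longer name.
            if re.search(re.escape(key) + rb"(?![A-Za-z])", decoded):
                reasons.append("pdf_active_content:" + key.decode()[1:])
    return reasons
```
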
Three-tier honeypot per form with password-manager detection (1Password / Bitwarden / LastPass / Dashlane). Tier 1 (+80), Tier 2 (+40), Tier 3 (+15, auto-downgraded to +5 when PWM detected). Hidden /trap/{slug} URL endpoint — crawlers following /admin, /.env trigger cross-tenant flags.
Python (FastAPI / Django / Flask), Node.js (Express / Next.js), PHP (WordPress / Laravel). Validates X-Shield-Token on every request. No token → 403. HMAC verify is cached 30 s per (token, path).
3-state breaker (closed / open / half_open) in all three backend SDKs. After 5 consecutive transport errors → OPEN for 30 s → 1 HALF_OPEN probe. 4xx doesn't trip the breaker. PHP uses APCu for cross-FPM-worker state. No more 5 s timeouts on every request during an upstream incident.
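The breaker behaviour described above, as an added Python sketch that is not the Corpilus SDK's code. The names `ShieldBreaker` and `guarded_verify` are hypothetical, and the sketch assumes a transport error surfaces as an `OSError` while any HTTP response, 4xx included, counts as a reachable upstream.

```python
import time

class ShieldBreaker:
    """Hypothetical 3-state breaker using the thresholds quoted above."""
    FAILURE_THRESHOLD = 5   # consecutive transport errors before OPEN
    OPEN_SECONDS = 30.0     # OPEN duration before one HALF_OPEN probe

    def __init__(self, clock=time.monotonic):
        self.clock, self.state = clock, "closed"
        self.failures, self.opened_at = 0, 0.0

    def allow(self):
        """True if a call may go upstream right now."""
        if self.state == "open":
            if self.clock() - self.opened_at < self.OPEN_SECONDS:
                return False            # fail fast instead of timing out
            self.state = "half_open"    # window elapsed: admit one probe
            return True
        return self.state == "closed"   # half_open: probe already in flight

    def record(self, transport_error):
        """Report the outcome of a call that allow() admitted."""
        if not transport_error:
            # Any HTTP response, 4xx included, shows the upstream is reachable.
            self.failures, self.state = 0, "closed"
            return
        self.failures += 1
        if self.state == "half_open" or self.failures >= self.FAILURE_THRESHOLD:
            self.state, self.opened_at = "open", self.clock()

def guarded_verify(breaker, send):
    """Run send() (returns an HTTP status) through the breaker.

    Returns the status, or None if the call was skipped or failed in
    transport; the caller applies its fail-closed or fail-open policy.
    """
    if not breaker.allow():
        return None
    try:
        status = send()
    except OSError:                     # ConnectionError, TimeoutError, ...
        breaker.record(transport_error=True)
        return None
    breaker.record(transport_error=False)
    return status
```
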
Reason → (machine_code, human_hint) map. /shield/verify and all 3 SDK 403 bodies return remediation + remediation_code. Legit false-positive users see "Your session expired — please reload" instead of a silent 403.
Drop-in PHP plugin: auto-injects the widget, ships middleware that validates Shield tokens on /wp-login.php and admin endpoints. Fail-closed by default, configurable.
Multi-dimensional: per-IP, per-device, per-endpoint. Progressive escalation: monitor → throttle → challenge → block. Redis-backed counters with sliding windows.
IP geolocation via ip-api.com (24 h cache). Per-site blocked / allowed country lists. Datacenter +10, proxy / Tor +15 score modifier. Page-load hard block with access-denied overlay before widget initialises.
Widget prevents form submission at score > 85. Red overlay: "Blocked by Corpilus Shield". Server-signed HMAC-SHA256 tokens auto-attached to fetch() via interceptor.
70+ compiled OWASP patterns scanned automatically on every event. Payload-level inspection happens before scoring.
Hidden form fields invisible to humans. Proof-of-Work SHA-256 challenges on suspicious scores. Progressive login delay (1 s → 8 s).
GPT-4o-mini analyses events every 15 minutes. RAG context from Shield KB (8 security docs). Auto-creates threats and rules from real observations.
Pre-built threat-intel context (mini-CAG). Bot signatures, attack patterns, OWASP samples baked in — new sites are protected from the first page view.
Anonymised pattern sharing — IPs reduced to /24, PII stripped, maturity gating (experimental → candidate → confirmed). One tenant's confirmed attacker becomes everyone's known threat within minutes.
Every 15 min a scheduler computes AI-rule creation velocity vs 7-day baseline. On a 3σ anomaly new rules auto-gate to rollout_state='canary' — they apply only to canary tenants for 24 h. Canary rules with ≥ 2 confirmations without FPs promote to 'confirmed'.
Widget MutationObserver snapshots all <script> tags at boot. Any subsequently injected script is reported as script_integrity_violation telemetry with src, external/same-origin, content length, stable hash. Capped at 25 reports per page-load. Tenant allowlist for trusted CDNs.
Email (HTML), Slack, Discord, generic JSON webhooks. Weekly security report with stats, top threats, block rate. Per-webhook severity gate (low / medium / high / critical).
Every rule change, site config edit, manual block, AI decision is recorded with actor, timestamp, before/after diff. Exportable for compliance audits.
HMAC-SHA256 tokens are minted server-side from the per-site secret and returned via /shield/events. The widget never holds the signing secret — a leaked site_key cannot be used to forge valid tokens.
PostgreSQL Row-Level Security forced on all shield_* tables. Each request runs under a tenant-scoped role — no application-layer bypass possible even if the API has a bug.
Fits into everything Corpilus already runs.
Shield is built as an extension of the Corpilus AI brain: the same authentication, tenant model, audit log, RLS and billing. No parallel infrastructure to operate.
1 · Embed the widget
One <script> tag on your website. The widget automatically protects every <form>, collects behaviour telemetry, runs the local scorer and attaches a signed HMAC token to outgoing requests.
2 · Wrap the backend
Three lines of middleware (Python / Node / PHP). Every mutation endpoint now requires a valid Shield token; curl, Python requests and scrapy immediately get a 403.
3 · The brain learns
Every 15 min the analyser aggregates events across your tenant, generates rules, verifies them against cross-tenant patterns and pushes updates to the widget over a piggyback channel.
Shield is ready. Let's protect what you're building.
We are now onboarding our first customers. Book 20 minutes: we will map your attack surface, deploy the widget on a staging site and you will see real telemetry during the call.
Corpilus Shield · developed in Europe · GDPR-native · no PII leaves your tenant