TECHNICAL SPECIFICATION V2.1

Defense Architecture

A breakdown of the local-first engine powering ClipShield. From the O(1) Titanium Core to the 384-dimensional GhostBrain.

LAYER 01 // DETECTION

Titanium Core

Deterministic Finite Automaton (DFA)

Conventional Regex engines use backtracking (NFA), which creates "Evil Regex" vulnerabilities (ReDoS) and unpredictable latency. Titanium compiles all 120+ patterns into a single immutable DFA graph at startup.

✓ O(1) Scan Time: Matching speed depends only on input length, never on rule count.
✓ Memory Safety: Built on Rust's `regex-automata` crate. Zero unsafe blocks.
✓ Microsecond Precision: Average scan time < 250µs per clipboard event.

hub

DFA_GRAPH_COMPILED

STATES: 4,096 | TRANSITIONS: 32,768

VECTOR SPACE

LAYER 02 // INTELLIGENCE

GhostBrain AI

Local Semantic Analysis

For threats that lack a fixed pattern (like "strategy memos"), we use a quantized SLM (Small Language Model). It maps text to a 384-dimensional vector space and measures cosine similarity against known "Idea Risks".

                    > MODEL: all-MiniLM-L6-v2 (Quantized Int8)

                    > RUNTIME: ONNX Runtime (Ort)

                    > HARDWARE: Apple CoreML / Metal / AVX-512

                    > LATENCY: ~17ms (Zero-Copy)

LAYER 03 // FORENSICS

The Vault

Encrypted Event Logging

ClipShield provides a tamper-proof audit trail for Incident Response (IR) teams. The database is encrypted at rest using a key derived from the specific machine's hardware fingerprint.

✓ SQLCipher: AES-256-GCM Page-level encryption.
✓ Hardware Binding: Database cannot be opened on another machine.
✓ JSON Structured Logs: Ready for splunk/SIEM ingestion.

lock