Add collaborative clipboard import guard

[KoiosSG]

/claim #12

Summary

• Adds collab-clipboard-import-guard/, a focused issue Real-time collaborative research editor & interface #12 slice for the real-time collaborative research editor.
• Gates pasted or imported editor payloads before shared manuscript insertion using import channel recognition, source trust, signed attestation, payload-shape validation, malformed existing-anchor metadata review, source-origin redaction, hidden instruction text, spreadsheet formula cells, malformed table-row handling, local/private paths in content and table cells, lowercase-drive and forward-slash Windows user paths, stale or malformed review metadata, duplicate-anchor checks, and existing shared-document anchor collision checks.
• Emits sanitized blocks, deterministic insertion-lane decisions, reviewer actions, SHA-256 audit digests, JSON packets, Markdown/SVG reports, and a short MP4 demo built from synthetic data.

Latest Hardening

• 14be418: stages malformed existing-anchor metadata before collision checks.
• Adds a regression for imported payloads where existingAnchors is an object instead of an array; the old path crashed with existingAnchors.filter is not a function before packet generation.
• Emits MALFORMED_EXISTING_ANCHORS, keeps the import in curator review, and routes remediation to require_curator_anchor_review instead of claiming collision safety.
• Adds reports/malformed-existing-anchors-packet.json and includes it in generated Markdown/SVG/MP4 reviewer evidence.

Prior Hardening Coverage

• Malformed table rows stage before collaborative insertion, normalize to empty rows in sanitized reviewer output, and route remediation to curator payload review.
• Malformed block entries inside otherwise valid block lists are staged instead of crashing or creating malformed sanitized reviewer output.
• Malformed block-list payloads are staged for curator payload review without throwing before reviewer packet generation.
• Duplicate anchor collisions now flag and regenerate every colliding block, not just the later duplicate.
• Imported anchors that collide with existing shared-document anchors are quarantined and regenerated before insertion.
• Private-reference markers such as private-lab and patient-export are redacted even outside literal filesystem paths when the import is quarantined.
• Imported table cells are included in the local/private path scan and redaction path, including formula cells that reference local paths.
• Source-origin metadata is scanned for local/private paths, quarantined when risky, and redacted before reviewer packets are emitted.
• Missing or unrecognized source trust metadata now stages otherwise clean imports for curator review before collaborative insertion.
• Missing, blank, placeholder, or malformed trusted and partner signed-attestation values now stage imports for curator review before collaborative insertion.
• Signed source attestations must use a sha256: prefix followed by a 64-hex digest before sanitized source metadata reports attested: true.
• Unsupported or missing import channels now stage otherwise clean, trusted, attested imports for curator review before collaborative insertion.
• Malformed review metadata expiry evidence is treated as stale/unverifiable, dropped from sanitized imported comments, and quarantined before shared insertion.
• Lowercase-drive Windows user paths such as c:\Users\... are fully redacted from sanitized reviewer output after quarantine.
• Forward-slash Windows user paths such as C:/Users/... are fully redacted from sanitized reviewer output after quarantine.

Non-overlap

This is scoped to clipboard/file-import provenance before collaborative insertion. It does not duplicate the broad editor foundation, operation replay, offline conflict, notebook/kernel lease, reference formatting/merge, authorship governance, freeze/recovery, discussion sidebar, autosave/local-cache privacy, round-trip fidelity, review decision, task dependency, equation/figure anchor, presence privacy/liveness, accessibility, evidence binding, embargo release, notification visibility, data availability, LaTeX macro safety, suggestion provenance, section-lock arbitration, journal-style conformance, undo/redo provenance, or private-comment export slices.

Validation

• Latest malformed-existing-anchors regression failed before implementation with TypeError: existingAnchors.filter is not a function.
• npm test from collab-clipboard-import-guard/ -> collaborative clipboard import guard tests passed (20).
• npm run demo from collab-clipboard-import-guard/ -> generated 13 JSON packets, including malformed-existing-anchors-packet.json, with expected statuses.
• npm run video from collab-clipboard-import-guard/ -> regenerated reports/demo.mp4.
• npm run check from collab-clipboard-import-guard/ -> JS syntax checks passed for index, sample-data, test, and demo.
• ffprobe verified collab-clipboard-import-guard/reports/demo.mp4 as H.264, 1280x720, 24 fps, 7.5s, 116,590 bytes.
• All 13 generated JSON packets parsed successfully.
• git diff --check and git diff --cached --check passed; only Windows line-ending normalization warnings appeared before staging.
• Staged allowlist check confirmed only collab-clipboard-import-guard/ files were staged.
• Focused restricted-string scan returned no payout, credential, or token strings.
• GitHub PR state after push: OPEN, merge state CLEAN, head 14be418; no checks are reported for this branch.

Demo Artifacts

• collab-clipboard-import-guard/reports/clean-packet.json
• collab-clipboard-import-guard/reports/forward-slash-windows-path-packet.json
• collab-clipboard-import-guard/reports/import-provenance-report.md
• collab-clipboard-import-guard/reports/lowercase-windows-path-packet.json
• collab-clipboard-import-guard/reports/malformed-block-list-packet.json
• collab-clipboard-import-guard/reports/malformed-block-entry-packet.json
• collab-clipboard-import-guard/reports/malformed-table-row-packet.json
• collab-clipboard-import-guard/reports/malformed-existing-anchors-packet.json
• collab-clipboard-import-guard/reports/partner-review-packet.json
• collab-clipboard-import-guard/reports/placeholder-attestation-packet.json
• collab-clipboard-import-guard/reports/source-origin-packet.json
• collab-clipboard-import-guard/reports/summary.svg
• collab-clipboard-import-guard/reports/trusted-attestation-packet.json
• collab-clipboard-import-guard/reports/unsafe-packet.json
• collab-clipboard-import-guard/reports/unsupported-channel-packet.json
• collab-clipboard-import-guard/reports/demo.mp4

No external services, credentials, private manuscripts, live collaborator data, or payout data are used.

AI-assisted with OpenAI Codex; I reviewed and locally verified the diff before submitting.

[KoiosSG]

Hardening update pushed in 35a3039: duplicate anchor collisions now flag and regenerate every colliding block, not just the later duplicate, so no original colliding anchor can enter shared manuscript state unchanged. I added a regression that failed before the fix with only blk-second flagged and now passes. Validation refreshed locally: npm test (4 tests), npm run demo, npm run video, npm run check, ffprobe on demo.mp4, git diff --check, and sensitive-term scan returned no matches.

[KoiosSG]

Follow-up hardening pass for the collaborative clipboard import guard.

What changed:

• Added a regression for sensitive private-reference markers that are detected outside literal filesystem paths.
• Redacts private-lab and patient-export marker text from sanitized notebook/import content when the guard already classifies the block as a local/private reference risk.
• This closes the case where an import was correctly quarantined but reviewer-visible sanitized content could still retain sensitive lab/export identifiers.

Validation:

• Confirmed the new regression failed before the implementation because sanitized content still contained private-lab patient-export.
• npm test -> 5 collaborative clipboard import guard tests passed.
• npm run check -> JS syntax checks passed.
• npm run demo -> generated unsafe/partner/clean packets with expected statuses.
• npm run video -> demo video generation passed.
• ffprobe verified reports/demo.mp4 as H.264, 1280x720, 24 fps, 7.5s, 112,423 bytes.
• git diff --check and git diff --cached --check passed; the only messages were Git line-ending normalization warnings on Windows.
• Sensitive-term scan of the code/test patch found no payout or credential strings.

[KoiosSG]

Hardening update pushed in 36a3688: imported table cells are now included in the local/private path scan and redaction path. This closes a clipboard/file-import leak where notebook content was protected but a table cell could still carry /Users/..., private-lab, or patient-export context into reviewer-visible sanitized blocks. Formula cells that contain a redacted local path still remain formula-escaped.

Verification refreshed:

• Red regression first: npm test failed on the new private table-cell case (allow_collaborative_insert vs quarantine_import).
• Green: npm test passes with 6 collaborative clipboard import guard tests.
• npm run check passes JS syntax checks.
• npm run demo regenerated JSON/Markdown/SVG artifacts with expected unsafe/partner/clean statuses.
• npm run video regenerated reports/demo.mp4.
• ffprobe confirms reports/demo.mp4 is H.264, 1280x720, 24fps, 7.5s, 112,423 bytes.
• git diff --check and git diff --cached --check pass.
• Credential/payout-focused scan across changed code/docs/reports returned no matches.

[KoiosSG]

Follow-up competitive hardening pass for the collaborative clipboard import guard.

What changed in 78c3db2:

• Added a regression for otherwise clean imports that omit recognized source trust metadata.
• The guard now emits UNKNOWN_SOURCE_TRUST as a warning and stages those imports for curator review instead of allowing direct collaborative insertion.
• The remediation action routes to require_curator_source_review, matching the trust-boundary intent of the import provenance slice.
• README, requirements map, and acceptance notes now explicitly cover missing or unrecognized source trust metadata.

Validation refreshed locally:

• Confirmed the new regression failed before implementation with allow_collaborative_insert instead of stage_for_curator_review.
• npm test -> 7 collaborative clipboard import guard tests passed.
• npm run demo -> generated unsafe/partner/clean packets with expected statuses.
• npm run video -> regenerated demo.mp4.
• npm run check -> JS syntax checks passed for index, sample-data, test, and demo.
• node --check passed for index, demo, and test.
• ffprobe verified reports/demo.mp4 as H.264, 1280x720, 24 fps, 7.5s, 112,423 bytes.
• git diff --check and git diff --cached --check passed; only Git line-ending normalization warnings appeared on Windows.
• Sensitive-term scan returned no payout or credential strings.

[KoiosSG]

Follow-up competitive hardening pass for the collaborative clipboard import guard.

What changed in b84e2de:

• Added a regression for imported collaborator review metadata with an unparseable expiresAt value.
• Malformed expiry evidence is now treated as stale/unverifiable instead of allowing direct collaborative insertion.
• Sanitized imported comments drop the malformed review metadata and mark reviewMetadataStatus as dropped_stale before shared manuscript state is touched.
• README, requirements map, and acceptance notes now explicitly cover malformed review metadata expiry evidence.

Validation refreshed locally:

• Confirmed the new regression failed before implementation with allow_collaborative_insert instead of quarantine_import.
• npm test -> collaborative clipboard import guard tests passed (8).
• npm run demo -> regenerated unsafe/partner/clean packets with expected statuses.
• npm run video -> regenerated reports/demo.mp4.
• npm run check -> syntax checks passed for index, sample-data, test, and demo.
• ffprobe verified reports/demo.mp4 as H.264, 1280x720, 24 fps, 7.5s, 112,423 bytes.
• git diff --check and git diff --cached --check passed; only Git line-ending normalization warnings appeared on Windows before staging.
• Sensitive-term scan returned no payout or credential strings.
• GitHub PR merge state after push: CLEAN.

[KoiosSG]

Follow-up competitive hardening pass for the collaborative clipboard import guard.

What changed in 1b782ba:

• Added a regression for imported blocks whose anchor collides with an anchor already present in shared manuscript state.
• The guard now checks imported anchors against existingAnchors as well as duplicates inside the incoming payload.
• Colliding imported anchors are quarantined and regenerated before collaborative insertion, closing the case where a single imported block could overwrite or confuse an existing figure/table/comment anchor.
• README, requirements map, and acceptance notes now explicitly cover existing-document anchor collisions.

Validation refreshed locally:

• Confirmed the new regression failed before implementation with allow_collaborative_insert instead of quarantine_import.
• npm test -> collaborative clipboard import guard tests passed (9).
• npm run demo -> regenerated unsafe/partner/clean packets with expected statuses.
• npm run video -> regenerated reports/demo.mp4.
• npm run check -> syntax checks passed for index, sample-data, test, and demo.
• node --check passed for index, sample-data, demo, and test.
• ffprobe verified reports/demo.mp4 as H.264, 1280x720, 24 fps, 7.5s, 112,423 bytes.
• git diff --check and git diff --cached --check passed; only Git line-ending normalization warnings appeared on Windows.
• Sensitive-term scan returned no payout or credential strings.
• GitHub PR merge state after push: CLEAN.

[KoiosSG]

Follow-up competitive hardening pass for the collaborative clipboard import guard.

What changed in 1cbf340:

• Added a regression for partner imports whose signedAttestation value is present but blank/whitespace-only.
• Partner imports now require a non-empty signed attestation before avoiding curator review.
• Sanitized source metadata now reports attested: false for blank signed-attestation values instead of treating them as trusted evidence.
• README, requirements map, and acceptance notes now explicitly cover blank partner attestations.

Validation refreshed locally:

• Confirmed the new regression failed before implementation with allow_collaborative_insert instead of stage_for_curator_review.
• npm test -> collaborative clipboard import guard tests passed (10).
• npm run demo -> regenerated unsafe/partner/clean packets with expected statuses.
• npm run video -> regenerated reports/demo.mp4.
• npm run check -> syntax checks passed for index, sample-data, test, and demo.
• ffprobe verified reports/demo.mp4 as H.264, 1280x720, 24 fps, 7.5s, 112,423 bytes.
• git diff --check and git diff --cached --check passed; only Git line-ending normalization warnings appeared on Windows.
• Sensitive-term scan returned no payout or credential strings.
• GitHub PR merge state after push: CLEAN.

[KoiosSG]

Follow-up competitive hardening pass for the collaborative clipboard import guard.

What changed in 66a1e11:

• Added a regression for trusted file imports whose source.origin exposes a local/private path such as file:///Users/.../private-lab/....
• Source-origin metadata is now scanned before shared insertion; risky origins produce LOCAL_PRIVATE_SOURCE, quarantine the import, and route remediation to redact_source_origin.
• Sanitized source metadata now redacts the origin before reviewer packets are emitted.
• Added reports/source-origin-packet.json and refreshed the Markdown/SVG/MP4 reviewer artifacts so the new path is visible in the demo evidence.

Validation refreshed locally:

• Confirmed the new regression failed before implementation with allow_collaborative_insert instead of quarantine_import.
• npm test -> collaborative clipboard import guard tests passed (11).
• npm run demo -> regenerated unsafe/partner/source-origin/clean packets with expected statuses.
• npm run video -> regenerated reports/demo.mp4.
• npm run check -> syntax checks passed for index, sample-data, test, and demo.
• ffprobe verified reports/demo.mp4 as H.264, 1280x720, 24 fps, 7.5s, 111,328 bytes.
• Generated reports scan confirmed no /Users/sam, private-lab, or patient-export strings remained in reviewer artifacts.
• git diff --check and git diff --cached --check passed; only Git line-ending normalization warnings appeared on Windows before staging.
• Sensitive-term scan returned no payout or credential strings.
• GitHub PR merge state after push: CLEAN.

[KoiosSG]

Follow-up competitive hardening pass for the collaborative clipboard import guard.

What changed in ca592ad:

• Added a regression for trusted, signed imports that arrive through an unsupported import channel.
• The guard now emits UNKNOWN_IMPORT_CHANNEL and stages those payloads for curator review instead of allowing direct collaborative insertion.
• Added an unsupported-channel-packet.json demo artifact and refreshed the Markdown/SVG/MP4 reviewer evidence so the new path is visible in the PR artifacts.
• README, requirements map, and acceptance notes now explicitly cover unsupported import-channel metadata.

Validation refreshed locally:

• Confirmed the new regression failed before implementation with allow_collaborative_insert instead of stage_for_curator_review.
• npm test -> collaborative clipboard import guard tests passed (12).
• npm run demo -> regenerated unsafe/partner/unsupported-channel/source-origin/clean packets with expected statuses.
• npm run video -> regenerated reports/demo.mp4.
• npm run check -> syntax checks passed for index, sample-data, test, and demo.
• ffprobe verified reports/demo.mp4 as H.264, 1280x720, 24 fps, 7.5s, 112,135 bytes.
• Generated reports scan confirmed no /Users/sam, private-lab, or patient-export strings remained in reviewer artifacts.
• git diff --check and git diff --cached --check passed; only Git line-ending normalization warnings appeared on Windows before staging.
• Sensitive-term scan returned no payout or credential strings.
• GitHub PR merge state after push: CLEAN.

[KoiosSG]

Follow-up competitive hardening pass for the collaborative clipboard import guard.

What changed in 7febac6:

• Added a regression for trusted file imports that omit signedAttestation metadata.
• Trusted imports now follow the same attestation requirement as partner imports before direct collaborative insertion.
• Missing or blank attestations now stage the import for curator review with MISSING_SOURCE_ATTESTATION and request_signed_source_attestation instead of allowing shared manuscript insertion.
• Added reports/trusted-attestation-packet.json and refreshed the Markdown/SVG reviewer evidence so the new path is visible in the PR artifacts.
• README, requirements map, acceptance notes, and the PR body now explicitly cover trusted-source attestation requirements.

Why this matters:

• A source can be labeled trusted while still lacking the signed handoff evidence needed for a collaborative editor trust boundary.
• This keeps PR Add collaborative clipboard import guard #418 focused on clipboard/file-import provenance while closing a direct bypass of the source-trust plus attestation contract.

Validation refreshed locally:

• Confirmed the new regression failed before implementation with allow_collaborative_insert instead of stage_for_curator_review.
• npm test -> collaborative clipboard import guard tests passed (13).
• npm run demo -> regenerated unsafe/partner/trusted-attestation/unsupported-channel/source-origin/clean packets with expected statuses.
• npm run video -> regenerated reports/demo.mp4.
• npm run check -> syntax checks passed for index, sample-data, test, and demo.
• ffprobe verified reports/demo.mp4 as H.264, 1280x720, 24 fps, 7.5s, 112,135 bytes.
• Generated reports scan confirmed no /Users/sam, private-lab, or patient-export strings remained in reviewer artifacts.
• git diff --check and git diff --cached --check passed; only Git line-ending normalization warnings appeared on Windows before staging.
• Sensitive-term scan returned no payout or credential strings.
• GitHub PR merge state after push: CLEAN; no checks are reported for this branch.

[KoiosSG]

Follow-up competitive hardening pass for the collaborative clipboard import guard.

What changed in 6d0e771:

• Added a regression for trusted imports that supply placeholder/malformed attestation evidence such as sha256:pending.
• Signed source attestations now have to use a sha256: prefix followed by a 64-hex digest before sanitized source metadata reports attested: true.
• Placeholder or malformed attestations now produce INVALID_SOURCE_ATTESTATION, stage the import for curator review, and request a signed source attestation instead of allowing direct collaborative insertion.
• Added reports/placeholder-attestation-packet.json and refreshed the Markdown/SVG reviewer artifacts so the new path is visible in the PR evidence.

Validation refreshed locally:

• Confirmed the new regression failed before implementation with allow_collaborative_insert instead of stage_for_curator_review.
• npm test -> collaborative clipboard import guard tests passed (14).
• npm run demo -> regenerated unsafe/partner/trusted-attestation/placeholder-attestation/unsupported-channel/source-origin/clean packets with expected statuses.
• npm run video -> regenerated reports/demo.mp4.
• npm run check -> syntax checks passed for index, sample-data, test, and demo.
• ffprobe verified reports/demo.mp4 as H.264, 1280x720, 24 fps, 7.5s, 112,135 bytes.
• Generated reports scan confirmed no /Users/sam, private-lab, or patient-export strings remained in reviewer artifacts.
• git diff --check and git diff --cached --check passed; only Git line-ending normalization warnings appeared on Windows before staging.
• Sensitive-term scan returned no payout or credential strings.
• GitHub PR merge state after push: CLEAN; no checks are reported for this branch.

[KoiosSG]

Follow-up competitive hardening pass for the collaborative clipboard import guard.

What changed in 41e3909:

• Added a regression for quarantined imports whose notebook output contains a lowercase-drive Windows user path such as c:\Users\....
• Detection was already case-insensitive, but redaction was not; sanitized reviewer output could retain the drive/user prefix after quarantine.
• Windows user-path redaction now matches case-insensitively, so the entire local path is replaced with [redacted-local-path].
• Added reports/lowercase-windows-path-packet.json and refreshed README, requirements, acceptance notes, Markdown/SVG reports, and the demo video so the gate is visible to reviewers.

Why this matters:

• Clipboard and notebook-output imports commonly come from mixed Windows environments where drive-letter casing is inconsistent.
• A guard that quarantines the import but leaves c:\Users\... in sanitized reviewer output still leaks local user context. This closes that reviewer-packet privacy gap while staying inside the issue Real-time collaborative research editor & interface #12 import-provenance scope.

Validation refreshed locally:

• Confirmed the new regression failed before implementation because sanitized output retained c:\Users\sam\... instead of [redacted-local-path].
• npm test -> collaborative clipboard import guard tests passed (15).
• npm run demo -> regenerated unsafe/partner/trusted-attestation/placeholder-attestation/unsupported-channel/source-origin/lowercase-windows-path/clean packets with expected statuses.
• npm run video -> regenerated reports/demo.mp4.
• npm run check -> syntax checks passed for index, sample-data, test, and demo.
• ffprobe verified reports/demo.mp4 as H.264, 1280x720, 24 fps, 7.5s, 112,135 bytes.
• Generated reports scan confirmed no /Users/sam, private-lab, patient-export, or c:\Users\sam strings remained in reviewer artifacts.
• git diff --check and git diff --cached --check passed; Git only reported Windows line-ending normalization warnings.
• Focused sensitive scan returned no payout, credential, or token strings.
• GitHub PR merge state after push: CLEAN; no checks are reported for this branch.

[KoiosSG]

Follow-up competitive hardening pass for the collaborative clipboard import guard.

What changed in eae26a8:

• Added a regression for quarantined notebook/import output containing a forward-slash Windows user path such as C:/Users/....
• Windows user-path detection/redaction now treats C:\Users\..., c:\Users\..., and C:/Users/... as full local path evidence rather than allowing a drive-prefix fragment to survive sanitized reviewer output.
• Added reports/forward-slash-windows-path-packet.json and refreshed README, requirements, acceptance notes, Markdown/SVG reports, and demo video evidence.

Why this matters:

• Clipboard and notebook output often normalize Windows paths to forward slashes, especially after browser or toolchain copy/paste.
• Before this hardening, the import could be quarantined but sanitized reviewer output could still retain the C: prefix. That is not a clean privacy boundary for shared manuscript import review.

Validation refreshed locally:

• Confirmed the new regression failed before implementation with Rendered output to C:[redacted-local-path] instead of Rendered output to [redacted-local-path].
• npm test -> collaborative clipboard import guard tests passed (16).
• npm run demo -> regenerated unsafe/partner/trusted-attestation/placeholder-attestation/unsupported-channel/source-origin/lowercase-windows-path/forward-slash-windows-path/clean packets.
• npm run video -> regenerated reports/demo.mp4.
• npm run check -> JS syntax checks passed for index, sample-data, test, and demo.
• ffprobe verified reports/demo.mp4 as H.264, 1280x720, 24 fps, 7.5s, 112,135 bytes.
• Generated reports scan confirmed no /Users/sam, C:/Users/sam, c:\Users\sam, private-lab, or patient-export strings remained in reviewer artifacts.
• git diff --check and git diff --cached --check passed; Git only reported Windows line-ending normalization warnings.
• Focused sensitive scan returned no payout, credential, or token strings.
• GitHub PR merge state after push: CLEAN; no checks are reported for this branch.

[KoiosSG]

Follow-up competitive hardening pass for the collaborative clipboard import guard.

What changed in 81cbf5c:

• Added a regression for malformed import payloads whose blocks value is not a valid array.
• The guard now stages those payloads for curator payload review with MALFORMED_IMPORT_BLOCKS instead of throwing before a reviewer packet can be emitted.
• Malformed block-list payloads produce no sanitized shared-manuscript blocks and route remediation to require_curator_payload_review.
• Added reports/malformed-block-list-packet.json and refreshed the Markdown/SVG/MP4 reviewer evidence.

Validation refreshed locally:

• Confirmed the new regression failed before implementation with TypeError: blocks is not iterable at findAnchorCollisionBlocks.
• npm test -> collaborative clipboard import guard tests passed (17).
• npm run demo -> regenerated 10 JSON packets with expected statuses.
• npm run video -> regenerated reports/demo.mp4.
• npm run check -> syntax checks passed for index, sample-data, test, and demo.
• ffprobe verified reports/demo.mp4 as H.264, 1280x720, 24 fps, 7.5s, 116,590 bytes.
• All 10 generated JSON packets parsed successfully.
• Generated reports scan confirmed no /Users/sam, C:/Users/sam, c:\Users\sam, private-lab, or patient-export strings remained in reviewer artifacts.
• git diff --check and git diff --cached --check passed; only Windows line-ending normalization warnings appeared before staging.
• Focused sensitive scan returned no payout, credential, or token strings.

PR state after push: open at head 81cbf5c; no checks are reported for this branch.

[KoiosSG]

Hardening update pushed in 24f69bb for malformed block entries inside otherwise valid import lists.

What changed:

• Added a regression for blocks: [null], which previously crashed before a reviewer packet could be emitted.
• The guard now filters malformed block entries out of sanitized shared-manuscript output, emits MALFORMED_IMPORT_BLOCK, stages the import for curator review, and routes remediation to require_curator_payload_review.
• Added reports/malformed-block-entry-packet.json and refreshed the generated Markdown/SVG/MP4 reviewer evidence.

Why this matters:

• Import payloads can be partially malformed even when the top-level blocks value is an array. A real collaborative-editor trust boundary has to fail closed and produce auditable reviewer evidence instead of crashing or leaking malformed entries into sanitized output.

Validation refreshed locally:

• Confirmed the new regression failed before implementation with TypeError: Cannot read properties of null (reading 'anchor') at findAnchorCollisionBlocks.
• npm test -> collaborative clipboard import guard tests passed (18).
• npm run demo -> regenerated 11 JSON packets with expected statuses.
• npm run video -> regenerated reports/demo.mp4.
• npm run check -> syntax checks passed for index, sample-data, test, and demo.
• node --check passed for index, sample-data, test, and demo.
• ffprobe verified reports/demo.mp4 as H.264, 1280x720, 24 fps, 7.5s, 180 frames.
• All generated JSON packets parsed successfully, including malformed-block-entry-packet.json.
• Generated report scan confirmed no /Users/sam, C:/Users/sam, c:\Users\sam, private-lab, or patient-export strings remained in reviewer artifacts.
• git diff --check and git diff --cached --check passed; only Windows line-ending normalization warnings appeared before staging.
• Focused restricted-string scan returned no matches.

[KoiosSG]

Follow-up competitive hardening pass for the collaborative clipboard import guard.

What changed in 575c5c6:

• Added a regression for imported tables with malformed non-array rows.
• Malformed table rows now stage for curator review with MALFORMED_TABLE_ROW instead of being allowed into collaborative state.
• Sanitized reviewer output normalizes malformed rows to empty rows, and the demo now includes reports/malformed-table-row-packet.json.

Validation refreshed locally:

• Confirmed the new regression failed before implementation with allow_collaborative_insert instead of stage_for_curator_review.
• npm test -> collab clipboard import guard tests passed (19).
• npm run check -> JS syntax checks passed for index, sample-data, test, and demo.
• npm run demo -> generated 12 JSON packets with expected statuses.
• npm run video -> regenerated reports/demo.mp4.
• ffprobe verified H.264, 1280x720, 24 fps, 7.5s, 116,590 bytes.
• All generated JSON packets parsed successfully; generated reports scan found no raw local/private path markers.
• git diff --check and git diff --cached --check passed; focused restricted-string scan returned no matches.
• GitHub PR state after push: OPEN, merge state CLEAN, head 575c5c6; no checks are reported for this branch.

[KoiosSG]

Hardening update pushed in 14be418: malformed existing-anchor metadata now stages for curator anchor review instead of crashing before packet generation.

Verification refreshed locally:

• red regression first reproduced TypeError: existingAnchors.filter is not a function
• npm test -> collab-clipboard-import-guard tests passed (20)
• npm run demo, npm run video, npm run check
• parsed all 13 generated JSON packets, including malformed-existing-anchors-packet.json
• ffprobe verified reports/demo.mp4 as H.264 1280x720, 24fps, 7.5s, 116,590 bytes
• git diff --check, git diff --cached --check, staged allowlist check, and focused restricted-string scan passed