@nodatachat/guard 2.0.0 → 2.1.0

package/LICENSE.md

@@ -1,10 +1,10 @@
 # NoData Guard License
 
-Copyright (c) 2026 NoDataChat Ltd. All rights reserved.
+Copyright (c) 2026 Capsule Ltd. All rights reserved.
 
 ## Terms
 
-This software is proprietary. You may use it under the terms of your NoDataChat subscription agreement.
+This software is proprietary. You may use it under the terms of your Capsule subscription agreement.
 
 ### Permitted Uses
 - Running scans on your own projects with a valid license key
@@ -19,10 +19,10 @@ This software is proprietary. You may use it under the terms of your NoDataChat
 
 ### Data Privacy
 - Guard runs locally on your machine
-- Source code is never uploaded to NoDataChat servers
+- Source code is never uploaded to Capsule servers
 - Only metadata reports (table names, counts, scores) are transmitted
 - You can opt out of metadata transmission with --skip-send
 
-For the full license agreement, visit: https://nodatachat.com/legal/guard-license
+For the full license agreement, visit: https://nodatacapsule.com/legal/guard-license
 
-Contact: legal@nodatachat.com
+Contact: legal@nodatacapsule.com

package/README.md

@@ -79,7 +79,7 @@ npx nodata-guard --license-key $NDC_LICENSE --ci --fail-on critical
 
 ## Dashboard
 
-After running Guard, log in at [nodatachat.com/guard](https://nodatachat.com/guard) with your license key to see:
+After running Guard, log in at [nodatacapsule.com/guard](https://nodatacapsule.com/guard) with your license key to see:
 
 - Score trends over time
 - Scan history with comparison
@@ -114,7 +114,7 @@ Proprietary — see [LICENSE.md](LICENSE.md)
 
 ## Links
 
-- [Website](https://nodatachat.com)
-- [Guard Dashboard](https://nodatachat.com/guard)
-- [Getting Started](https://nodatachat.com/guard/onboarding)
-- [Pricing](https://nodatachat.com/pricing)
+- [Website](https://nodatacapsule.com)
+- [Guard Dashboard](https://nodatacapsule.com/guard)
+- [Getting Started](https://nodatacapsule.com/guard/onboarding)
+- [Pricing](https://nodatacapsule.com/pricing)

package/dist/activation.js

@@ -18,7 +18,7 @@ const crypto_1 = require("crypto");
 const fs_1 = require("fs");
 const path_1 = require("path");
 const GUARD_VERSION = "2.0.0";
-const API_BASE = process.env.GUARD_API_BASE || "https://nodatachat.com/api/guard";
+const API_BASE = process.env.GUARD_API_BASE || "https://nodatacapsule.com/api/guard";
 // Dev license keys that work without server (for development and demos)
 const DEV_LICENSES = new Set(["NDC-DEV", "NDC-DEMO", "NDC-TEST"]);
 // ── Project fingerprint (directory structure only, no file contents) ──

package/dist/cli.js

@@ -87,12 +87,44 @@ async function main() {
     }
     // Env fallbacks
     if (!licenseKey)
-        licenseKey = process.env.NDC_LICENSE || process.env.NODATA_LICENSE_KEY;
+        licenseKey = process.env.NDC_LICENSE || process.env.NODATA_LICENSE_KEY || process.env.NODATA_API_KEY || process.env.NDC_API_KEY;
     if (!dbUrl)
         dbUrl = process.env.DATABASE_URL;
+    // Shared Protect config fallback (~/.nodata/config.json)
     if (!licenseKey) {
-        console.error("\n  Error: --license-key required (or set NDC_LICENSE env var)\n");
-        printHelp();
+        try {
+            const home = process.env.HOME || process.env.USERPROFILE || "";
+            const configPath = require("path").join(home, ".nodata", "config.json");
+            if (require("fs").existsSync(configPath)) {
+                const config = JSON.parse(require("fs").readFileSync(configPath, "utf-8"));
+                if (config.api_key) {
+                    licenseKey = config.api_key;
+                    console.log(`\n  \x1b[32m✓\x1b[0m Using API key from NoData Protect (~/.nodata/config.json)\n`);
+                }
+            }
+        }
+        catch { /* ignore */ }
+    }
+    // Capsule config fallback (.capsule.json)
+    if (!licenseKey) {
+        try {
+            const capsulePath = require("path").join(projectDir, ".capsule.json");
+            if (require("fs").existsSync(capsulePath)) {
+                const config = JSON.parse(require("fs").readFileSync(capsulePath, "utf-8"));
+                if (config.licenseKey) {
+                    licenseKey = config.licenseKey;
+                    console.log(`\n  \x1b[32m✓\x1b[0m Using API key from Capsule config (.capsule.json)\n`);
+                }
+            }
+        }
+        catch { /* ignore */ }
+    }
+    if (!licenseKey) {
+        console.error("\n  \x1b[31m✗\x1b[0m No API key found.\n");
+        console.error("  Options:");
+        console.error("    1. Run \x1b[36mnpx @nodatachat/protect init\x1b[0m first (creates key automatically)");
+        console.error("    2. Pass \x1b[36m--license-key YOUR_KEY\x1b[0m");
+        console.error("    3. Set \x1b[36mNDC_LICENSE=YOUR_KEY\x1b[0m in environment\n");
         process.exit(1);
     }
     // ── Schedule setup (no scan needed) ──
@@ -204,12 +236,13 @@ async function main() {
     if (!skipSend) {
         log(ciMode, "Sending metadata to NoData...");
         try {
-            const res = await fetch("https://nodatachat.com/api/guard/report", {
+            const res = await fetch("https://nodatacapsule.com/api/guard/report", {
                 method: "POST",
                 headers: {
                     "Content-Type": "application/json",
                     "X-Scan-Id": activation.scan_id,
                     "X-Activation-Key": activation.activation_key,
+                    "X-License-Key": licenseKey || "",
                 },
                 body: JSON.stringify(metadata),
                 signal: AbortSignal.timeout(10000),
@@ -449,7 +482,7 @@ function printHelp() {
     # CI pipeline
     npx nodata-guard --ci --fail-on critical
 
-  Documentation: https://nodatachat.com/guard
+  Documentation: https://nodatacapsule.com/guard
 `);
 }
 main().catch((err) => {

package/dist/fixers/registry.js

@@ -156,7 +156,7 @@ async function sendNotifications(config, event, payload, onLog) {
     if (config.notify.email?.length) {
         for (const email of config.notify.email) {
             try {
-                await fetch("https://nodatachat.com/api/guard/notify", {
+                await fetch("https://nodatacapsule.com/api/guard/notify", {
                     method: "POST",
                     headers: { "Content-Type": "application/json" },
                     body: JSON.stringify({ channel: "email", to: email, payload }),

package/dist/reporter.js

@@ -125,6 +125,33 @@ function generateReports(input) {
             medium: medSecrets,
             fixes_available: plaintextPII, // each plaintext field has a migration fix
         },
+        // Fix suggestions — safe to send (just recommendation text, no code/values)
+        findings: [
+            ...allPII.filter(f => !f.encrypted).map(f => ({
+                severity: "high",
+                category: "pii",
+                rule_id: `PII_${f.pii_type.toUpperCase()}`,
+                title: `${f.table}.${f.column} — ${f.pii_type} stored in plaintext`,
+                fix_suggestion: `Add AES-256-GCM encryption to ${f.table}.${f.column} via Capsule field permissions`,
+                soc_control: "CC6.7",
+            })),
+            ...(input.code?.secrets.filter(s => !s.is_env_interpolated) || []).map(s => ({
+                severity: s.severity,
+                category: "secrets",
+                rule_id: `SECRET_${s.type.toUpperCase().replace(/-/g, "_")}`,
+                title: `Hardcoded ${s.type} in ${s.file}:${s.line}`,
+                fix_suggestion: `Move to .env and encrypt with @nodatachat/protect`,
+                soc_control: "CC6.1",
+            })),
+            ...(input.code?.routes.filter(r => !r.has_auth) || []).slice(0, 20).map(r => ({
+                severity: "high",
+                category: "auth",
+                rule_id: "ROUTE_NO_AUTH",
+                title: `Unprotected route: ${r.path}`,
+                fix_suggestion: `Add authentication middleware (withAuth or API key check)`,
+                soc_control: "CC6.3",
+            })),
+        ],
         proof_hash: proofHash,
         privacy: {
             contains_data_values: false,

package/dist/types.d.ts

@@ -142,6 +142,14 @@ export interface MetadataReport {
         medium: number;
         fixes_available: number;
     };
+    findings: Array<{
+        severity: "critical" | "high" | "medium" | "low";
+        category: string;
+        rule_id: string;
+        title: string;
+        fix_suggestion: string;
+        soc_control: string;
+    }>;
     proof_hash: string;
     privacy: {
         contains_data_values: false;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nodatachat/guard",
-  "version": "2.0.0",
+  "version": "2.1.0",
   "description": "NoData Guard — continuous security scanner. Runs locally, reports only metadata. Your data never leaves your machine.",
   "main": "./dist/cli.js",
   "types": "./dist/cli.d.ts",
@@ -49,7 +49,7 @@
     "devsecops"
   ],
   "license": "SEE LICENSE IN LICENSE.md",
-  "homepage": "https://nodatachat.com/guard",
+  "homepage": "https://nodatacapsule.com/guard",
   "repository": {
     "type": "git",
     "url": "https://github.com/nodatachat/guard"
@@ -57,5 +57,5 @@
   "bugs": {
     "url": "https://github.com/nodatachat/guard/issues"
   },
-  "author": "NoDataChat <support@nodatachat.com>"
+  "author": "Capsule <support@nodatacapsule.com>"
 }