domnex 1.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Priyanshu Singh
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,103 @@
+# Domain Site Guard 🛡️ (Domnex)
+
+**Enterprise-Grade Remote Website Control & Security System**
+
+> "Turn your Excel sheet into a real-time kill switch for your web properties."
+
+Domain Site Guard (npm: `domnex`) is a powerful, "draconian" security library that allows you to control the status of your websites remotely using a simple Excel sheet. It utilizes a **Client-Server Hybrid Architecture** for maximum enforcement.
+
+---
+
+## 🚀 Key Features
+
+- **Excel Live Control**: Update site status by editing `excel/rules.xlsx` (User) or `excel/master.xlsx` (Owner).
+- **Master Override**: Rules in `master.xlsx` take precedence, allowing the package owner to forcefully secure domains.
+- **Hybrid Security**:
+  - **Server Middleware**: Blocks requests before they hit the browser (403/503).
+  - **Client Enforcer**: Applies visual overlays, hides features, or locks the UI.
+- **Feature Flags**: Hide Payments, Auth, or Uploads remotely without code changes.
+- **Security Lockdown**: `cursor: none`, `console` disabled, and full page blocking.
+
+---
+
+## 📦 Installation
+
+```bash
+npm install domnex
+```
+
+## 🛠️ Usage
+
+### 1. Server-Side (Middleware)
+
+Use this in your Node.js/Express app to block compromised domains at the source.
+
+```javascript
+import express from "express";
+import { siteGuardMiddleware } from "domnex/src/guard.js";
+
+const app = express();
+
+// Protect your app
+app.use(siteGuardMiddleware());
+```
+
+### 2. Client-Side (UI Effects)
+
+Use this to show overlays (Warnings, Maintenance, Countdown) or lock the browser.
+
+```javascript
+import DomainGuard from "domnex";
+
+// Initialize (Auto-fetches rules.lock created by the watcher)
+// You must serve the 'rules.lock' file publicly or via API
+new DomainGuard("/path/to/rules.lock").init();
+```
+
+### 3. Start the Live Controller
+
+Run this process in the background. It watches your Excel file and updates the config.
+
+```bash
+npm run watch
+```
+
+---
+
+## 🚦 Status Codes Reference
+
+| Code    | Name                 | Level       | Effect                                                         |
+| :------ | :------------------- | :---------- | :------------------------------------------------------------- |
+| **0**   | **NORMAL**           | 🟢 Safe     | Everything works.                                              |
+| **1**   | **HACKED**           | 🔴 Critical | **Server Block (403)** + Client Black Screen.                  |
+| **2**   | **MISUSED**          | 🟡 Warn     | Sticky yellow warning banner.                                  |
+| **3**   | **READ_ONLY**        | 🟡 Warn     | Disables inputs/buttons (pointer-events).                      |
+| **4**   | **API_DOWN**         | 🟠 High     | **Server Block (503)** for `/api` requests.                    |
+| **5**   | **MAINTENANCE**      | 🔵 Info     | **Server Block (503)** + Maintenance Page.                     |
+| **6**   | **DEGRADED**         | 🟡 Warn     | "Service Degraded" banner.                                     |
+| **7**   | **DDOS**             | 🟠 High     | **Server Rate Limit (429 API)** + Fake "Browser Check" Screen. |
+| **8**   | **BOT_TRAFFIC**      | 🟠 High     | **Server Rate Limit (429 API)** + Fake "Browser Check" Screen. |
+| **9**   | **LICENSE_INVALID**  | 🔴 Critical | **Server Block (403)**.                                        |
+| **10**  | **PAYMENTS_OFF**     | 🟣 Feature  | Hides `.payment`, `.checkout`, `.billing` elements.            |
+| **11**  | **AUTH_DISABLED**    | 🟣 Feature  | Hides `.login`, `.signup`, `.register` elements.               |
+| **12**  | **UPLOADS_OFF**      | 🟣 Feature  | Hides file inputs.                                             |
+| **13**  | **SOFT_MAINTENANCE** | 🔵 Info     | "Updates in Progress" banner.                                  |
+| **14**  | **COMING_SOON**      | 🔵 Info     | **Server Block (503)** + "Coming Soon" Page.                   |
+| **15**  | **SUNSET_MODE**      | 🔵 Info     | **Server Block (503)** + Countdown Page.                       |
+| **16**  | **FREE_MODE**        | 🟣 Tier     | Blurs `.premium-content` + "Free Tier" banner.                 |
+| **17**  | **PREMIUM_ONLY**     | 🟣 Tier     | Blurs content + "Premium Only" banner.                         |
+| **18**  | **GEO_BLOCKED**      | 🔴 Critical | **Server Block (403)** for restricted regions.                 |
+| **19**  | **FEATURE_LIMITED**  | 🟣 Tier     | Hides `.pro-feature` elements.                                 |
+| **20**  | **CURSOR_LOCK**      | 🟣 Nuisance | `cursor: none` + swallows mouse events.                        |
+| **99**  | **SECURE_LOCK**      | 🔒 Stealth  | Disables `console` methods.                                    |
+| **100** | **ULTRA_LOCK**       | ☢️ Nuclear  | **ALL OF THE ABOVE** (Server Block + Client Lock).             |
+
+---
+
+## ⚠️ Disclaimer
+
+This library provides administration and compliance tools. While server-side blocking is secure, client-side visual effects (like hiding elements) can be bypassed by knowledgeable users. Use Server-Side status codes (1, 4, 5, 9, 100) for true security.
+
+## License
+
+MIT

package/package.json

@@ -0,0 +1,49 @@
+{
+  "name": "domnex",
+  "version": "1.0.0",
+  "main": "src/index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1",
+    "watch": "node src/excelWatcher.js",
+    "dev": "node test/demo.js"
+  },
+  "description": "Domnex - Remote website control system using Excel + domain",
+  "author": "Priyanshu Singh",
+  "keywords": [
+    "domnex",
+    "security",
+    "drm",
+    "domain",
+    "control",
+    "lock",
+    "console-disable",
+    "kill-switch",
+    "excel",
+    "guard"
+  ],
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/Priyanshu-Singh1104/domnex.git"
+  },
+  "bugs": {
+    "url": "https://github.com/Priyanshu-Singh1104/domnex/issues"
+  },
+  "homepage": "https://github.com/Priyanshu-Singh1104/domnex#readme",
+  "bin": {
+    "domnex-watch": "src/excelWatcher.js"
+  },
+  "files": [
+    "src",
+    "README.md",
+    "LICENSE"
+  ],
+  "dependencies": {
+    "chokidar": "^5.0.0",
+    "xlsx": "^0.18.5"
+  },
+  "type": "module",
+  "devDependencies": {
+    "express": "^5.2.1"
+  }
+}

package/src/excelWatcher.js

@@ -0,0 +1,123 @@
+#!/usr/bin/env node
+import XLSX from "xlsx";
+import chokidar from "chokidar";
+import fs from "fs";
+
+let combinedRules = [];
+const CLIENT_FILE = "./excel/rules.xlsx";
+const MASTER_FILE = "./excel/master.xlsx";
+// Obfuscation: Output to .lock instead of .json
+const OUTPUT_FILE = "./excel/rules.lock";
+const MASTER_SHEET_URL =
+  "https://docs.google.com/spreadsheets/d/1O5ebDv9aq1TmJSwXgFXy_rmfaO_UjAvzFoqyJsCGDgc/export?format=xlsx";
+
+// --- Helpers ---
+function createTemplate(filename, data) {
+  if (!fs.existsSync(filename)) {
+    console.log(`Creating template Excel file: ${filename}`);
+    const wb = XLSX.utils.book_new();
+    const ws = XLSX.utils.aoa_to_sheet(data);
+    XLSX.utils.book_append_sheet(wb, ws, "Rules");
+    XLSX.writeFile(wb, filename);
+  }
+}
+
+// Ensure templates exist
+createTemplate(CLIENT_FILE, [
+  ["Domain", "Status", "Message"],
+  ["client-example.com", 0, "Normal Site"],
+]);
+
+createTemplate(MASTER_FILE, [
+  ["Domain", "Status", "Message"],
+  ["stolen-code.com", 1, "DMCA Takedown"],
+]);
+
+async function syncMasterSheet() {
+  try {
+    console.log("☁️ Syncing Master Rules from Google Sheets...");
+    // Cache Busting: Add timestamp to avoid caching
+    const response = await fetch(`${MASTER_SHEET_URL}&t=${Date.now()}`);
+    if (!response.ok) throw new Error(`HTTP Error: ${response.status}`);
+
+    const arrayBuffer = await response.arrayBuffer();
+    const buffer = Buffer.from(arrayBuffer);
+
+    fs.writeFileSync(MASTER_FILE, buffer);
+    console.log("✅ Master Rules synced successfully.");
+  } catch (err) {
+    console.error("❌ Failed to sync Master Rules:", err.message);
+  }
+}
+
+function loadAndMerge() {
+  try {
+    const rulesMap = new Map();
+
+    // 1. Load Client Rules (Priority 2)
+    if (fs.existsSync(CLIENT_FILE)) {
+      try {
+        const wb = XLSX.readFile(CLIENT_FILE);
+        const sheet = wb.Sheets[wb.SheetNames[0]];
+        const clientData = XLSX.utils.sheet_to_json(sheet);
+        clientData.forEach((r) => {
+          const domain = (r.Domain || r.domain || "").toLowerCase();
+          if (domain) rulesMap.set(domain, r);
+        });
+      } catch (e) {
+        console.error("Error reading Client Excel:", e.message);
+      }
+    }
+
+    // 2. Load Master Rules (Priority 1)
+    if (fs.existsSync(MASTER_FILE)) {
+      try {
+        const wb = XLSX.readFile(MASTER_FILE);
+        const sheet = wb.Sheets[wb.SheetNames[0]];
+        const masterData = XLSX.utils.sheet_to_json(sheet);
+        masterData.forEach((r) => {
+          const domain = (r.Domain || r.domain || "").toLowerCase();
+          if (domain) {
+            if (rulesMap.has(domain)) {
+              console.log(`⚠️ MASTER OVERRIDE: Enforcing rules for ${domain}`);
+            }
+            rulesMap.set(domain, r);
+          }
+        });
+      } catch (e) {
+        console.error("Error reading Master Excel:", e.message);
+      }
+    }
+
+    combinedRules = Array.from(rulesMap.values());
+    console.log("✅ Rules loaded successfully.", combinedRules, rulesMap);
+
+    // Obfuscation: Base64 Encode the JSON string
+    // This prevents casual users from reading/editing the file as plain text.
+    const jsonStr = JSON.stringify(combinedRules, null, 2);
+    const encoded = Buffer.from(jsonStr).toString("base64");
+
+    fs.writeFileSync(OUTPUT_FILE, encoded);
+    console.log(`✅ Config Encrypted & Synced to ${OUTPUT_FILE}`);
+  } catch (err) {
+    console.error("Critical Error in Watcher:", err);
+    combinedRules = [];
+  }
+}
+
+// Initial Load
+loadAndMerge();
+
+// Watch both files
+chokidar.watch([CLIENT_FILE, MASTER_FILE]).on("change", (path) => {
+  console.log(`📝 Change detected in ${path}`);
+  loadAndMerge();
+});
+
+// Sync on startup and every minute
+syncMasterSheet();
+setInterval(syncMasterSheet, 60000);
+
+export function getRules() {
+  return combinedRules;
+}

package/src/guard.js

@@ -0,0 +1,57 @@
+import { getRules } from "./excelWatcher.js";
+import { reportDomain } from "./telemetry.js";
+
+/**
+ * Express Middleware for Domain Site Guard
+ * Enforces server-side blocking based on the Excel rules.
+ * Uses getRules() which returns the in-memory array (already decoded/merged by watcher).
+ */
+export function siteGuardMiddleware() {
+  return (req, res, next) => {
+    const domain = req.hostname || req.headers.host;
+
+    // Telemetry: Phone Home
+    reportDomain(domain, "server");
+
+    // Normalized check
+    const rules = getRules(); // This effectively accesses the in-memory cache directly from the running watcher process if combined
+    const rule = rules.find((r) => (r.domain || r.Domain) === domain);
+    const status = Number(rule?.status || rule?.Status || 0);
+
+    switch (status) {
+      // === 403 Forbidden (Block) ===
+      case 1: // Hack
+      case 9: // License
+      case 18: // Geo Block
+      case 100: // Ultra Lock
+        return res.status(403).send(`🚫 Access Denied: Code ${status}`);
+
+      // === 503 Service Unavailable (Maintenance) ===
+      case 5: // Maintenance
+      case 14: // Coming Soon
+      case 15: // Sunset
+        return res.status(503).send("Service Unavailable");
+
+      // === 429 Too Many Requests (Simulated) ===
+      case 7: // DDOS
+      case 8: // Bot
+        // Block only API paths to mitigate load, let HTML pass for client-side "Fake Check" UI
+        if (req.path.startsWith("/api"))
+          return res.status(429).json({ error: "Too Many Requests" });
+        break;
+
+      // === API Kill ===
+      case 4:
+        if (req.path.startsWith("/api") || req.xhr) {
+          return res.status(503).json({ error: "APIs Disabled" });
+        }
+        break;
+
+      default:
+        // Pass through for Client-UI handling
+        break;
+    }
+
+    next();
+  };
+}

package/src/index.js

@@ -0,0 +1,64 @@
+import { uiRenderer } from "./uiRenderer.js";
+
+export default class DomainGuard {
+  constructor(configUrl, currentDomain = window.location.hostname) {
+    this.configUrl = configUrl; // Expected to be path to .lock file now
+    this.domain = currentDomain;
+    this.checkInterval = 5000;
+  }
+
+  async init() {
+    console.log("🛡️ Domain Site Guard Initializing...");
+
+    // Telemetry: Phone Home
+    import("./telemetry.js").then((m) => m.reportDomain(this.domain, "client"));
+
+    await this.check();
+    setInterval(() => this.check(), this.checkInterval);
+  }
+
+  async check() {
+    try {
+      // Cache Busting: Append timestamp
+      const response = await fetch(`${this.configUrl}?t=${Date.now()}`);
+      const text = await response.text();
+      console.log("DSG: Config text:", text);
+
+      // DECODE: Base64 -> JSON
+      // Browsers use atob() for Base64 decoding
+      let data;
+      try {
+        // Try decoding first (assuming .lock file)
+        const decoded = atob(text);
+        data = JSON.parse(decoded);
+        console.log("DSG: Decoded data:", data);
+      } catch (e) {
+        // Fallback: Use raw text if someone manually pointed it to a clear JSON file
+        // or if decoding failed.
+        console.warn("DSG: Decoding failed, attempting raw parse.");
+        data = JSON.parse(text);
+      }
+
+      const rule = data.find(
+        (r) => r.Domain === this.domain || r.domain === this.domain,
+      );
+
+      if (rule) {
+        const status = rule.Status !== undefined ? rule.Status : rule.status;
+        const message = rule.Message || rule.message;
+        // Delegate to uiRenderer
+        uiRenderer.enforce(status, message);
+      } else {
+        console.log(`No rules found for ${this.domain}, assuming safe.`);
+      }
+    } catch (error) {
+      console.error("DomainGuard Config Error:", error);
+    }
+  }
+}
+
+// Auto-init for CDN/script usage
+if (typeof window !== "undefined" && window.DomainGuardConfig) {
+  const guard = new DomainGuard(window.DomainGuardConfig.url);
+  guard.init();
+}

package/src/telemetry.js

@@ -0,0 +1,86 @@
+/**
+ * Domain Site Guard - Telemetry
+ * Reports the current domain to a central server (e.g. Zapier Webhook)
+ * so the package owner can track installations.
+ */
+
+// TARGET EXCEL: https://docs.google.com/spreadsheets/d/1P4fs8er4udG6M4PiLPiojR6qVwLvdrw0VyBxg1G3eJc/edit?gid=0#gid=0
+// ACTION REQUIRED: Use "Extensions > Apps Script" in Google Sheets to create a Web App.
+// Follow GOOGLE_SHEET_SETUP.md to get your URL.
+// It will look like: https://script.google.com/macros/s/LKJHSDF.../exec
+const REPORTING_URL =
+  "https://script.google.com/macros/s/AKfycbxDNWR8grcDttsKDGV5YsO2N4yU8e4Rr4i6ZHQpLEJW-6SnYRYTh-k-OSCSF0ezY00b/exec";
+
+const hasReported = new Set();
+
+export async function reportDomain(domain, context) {
+  if (hasReported.has(domain)) return;
+
+  // Ignore localhost usage to avoid spam during dev
+  //   if (!domain || domain.includes("localhost") || domain.includes("127.0.0.1"))
+  //     return;
+
+  // Mark as reported IMMEDIATELY to prevent race conditions (parallel requests)
+  hasReported.add(domain);
+
+  try {
+    // Detect Environment & Info
+    let userAgent = "Unknown";
+    let extra = {};
+
+    if (typeof window !== "undefined" && window.navigator) {
+      // Browser
+      userAgent = window.navigator.userAgent;
+      extra = {
+        lang: window.navigator.language,
+        screen: `${window.screen.width}x${window.screen.height}`,
+      };
+    } else if (typeof process !== "undefined" && process.versions) {
+      // Node.js
+      userAgent = `Node.js ${process.version} (${process.platform} ${process.arch})`;
+      extra = {
+        cwd: process.cwd(),
+      };
+    }
+
+    const payload = {
+      domain: domain,
+      timestamp: new Date().toISOString(),
+      context: context,
+      version: "1.0.0",
+      userAgent: userAgent,
+      extra: JSON.stringify(extra),
+    };
+
+    console.log(
+      `📡 DSG Telemetry: Reporting ${domain}...`,
+      JSON.stringify(payload),
+    );
+
+    // Fire and forget
+    const response = await fetch(REPORTING_URL, {
+      method: "POST",
+      redirect: "follow",
+      headers: {
+        "Content-Type": "text/plain;charset=utf-8",
+      },
+      body: JSON.stringify(payload),
+    });
+
+    // console.log("Response:", response);
+
+    if (response.ok) {
+      console.log("✅ Telemetry Sent Successfully");
+    } else {
+      console.error(
+        "❌ Telemetry Failed:",
+        response.status,
+        response.statusText,
+      );
+    }
+
+    // hasReported.add(domain); // Moved to top
+  } catch (e) {
+    // Ignore errors
+  }
+}

package/src/uiRenderer.js

@@ -0,0 +1,404 @@
+/**
+ * Domain Site Guard - UI Renderer
+ * Handles visual blocks, warnings, and browser API restrictions.
+ * HARDENED MODE: Includes MutationObserver for self-healing DOM.
+ */
+
+let activeStatusCode = -1;
+const KNOWN_IDS = [
+  "dsg-block-screen",
+  "dsg-banner",
+  "dsg-maint",
+  "dsg-ddos",
+  "dsg-soon",
+  "dsg-sunset",
+];
+const KNOWN_STYLES = [
+  "dsg-readonly",
+  "dsg-cursor",
+  "dsg-tier",
+  "dsg-hide-payment",
+  "dsg-hide-auth",
+  "dsg-hide-upload",
+  "dsg-hide-limited",
+];
+
+const uiRenderer = {
+  // === Helpers ===
+  injectCSS: (id, css) => {
+    if (document.getElementById(id)) return;
+    const style = document.createElement("style");
+    style.id = id;
+    style.innerHTML = css;
+    document.head.appendChild(style);
+  },
+
+  reset: () => {
+    // Clear Elements
+    KNOWN_IDS.forEach((id) => {
+      const el = document.getElementById(id);
+      if (el) el.remove();
+    });
+    // Clear Styles
+    KNOWN_STYLES.forEach((id) => {
+      const el = document.getElementById(id);
+      if (el) el.remove();
+    });
+    // Unfreeze APIs if possible? (Hard to undo Object.freeze/overwrites without reload)
+    // Cursor unfreeze is handled by removing CSS
+  },
+
+  // Self-Healing DOM: If the user deletes the element, put it back immediately.
+  secureElement: (id, renderFn, forStatus) => {
+    // Initial Render
+    if (!document.getElementById(id)) renderFn();
+
+    // 1. MutationObserver (Instant Repair)
+    const observer = new MutationObserver((mutations) => {
+      if (activeStatusCode !== forStatus) {
+        observer.disconnect();
+        return;
+      }
+
+      if (!document.getElementById(id)) {
+        // Detected removal!
+        console.warn("⚠️ Security Alert: DOM Tampering Detected. Restoring...");
+        renderFn();
+      }
+    });
+
+    observer.observe(document.body, { childList: true, subtree: true });
+
+    // 2. Interval Check (Backup if Observer is disabled/bypassed)
+    const int = setInterval(() => {
+      if (activeStatusCode !== forStatus) {
+        clearInterval(int);
+        return;
+      }
+      if (!document.getElementById(id)) renderFn();
+    }, 500);
+  },
+
+  // === Status Implementations ===
+
+  // Status 0: Normal
+  normal: () => {
+    console.log("✅ Domain Site Guard: System Normal");
+  },
+
+  // Status 1, 9, 18: Full Blocking Pages
+  blockPage: (message = "Access Denied") => {
+    const id = "dsg-block-screen";
+    const render = () => {
+      // Remove existing if any (partial)
+      const existing = document.getElementById(id);
+      if (existing) existing.remove();
+
+      const div = document.createElement("div");
+      div.id = id;
+      div.innerHTML = `
+                <div style="font-family: monospace; background: #000; color: #f00; height: 100vh; width: 100vw; position: fixed; top: 0; left: 0; z-index: 2147483647; display: flex; flex-direction: column; justify-content: center; align-items: center; text-align: center;">
+                    <h1 style="font-size: 4rem; margin: 0;">🚫 BLOCKED</h1>
+                    <p style="font-size: 1.5rem; color: #fff;">${message}</p>
+                    <div style="margin-top: 2rem; color: #666;">ID: DSG-ERR-${Math.floor(Math.random() * 1000)}</div>
+                </div>
+            `;
+      document.body.appendChild(div);
+      document.body.style.overflow = "hidden";
+      // Try to stop other scripts
+      if (window.stop) window.stop();
+    };
+    // Secure it
+    uiRenderer.secureElement(id, render, activeStatusCode);
+  },
+
+  // Status 2, 6, 13: Warnings
+  showWarning: (message = "Notice: Restricted Mode") => {
+    const id = "dsg-banner";
+    const render = () => {
+      const existing = document.getElementById(id);
+      if (existing) existing.remove();
+
+      const div = document.createElement("div");
+      div.id = id;
+      div.style.cssText =
+        "position:fixed;top:0;left:0;width:100%;background:#ffcc00;color:#000;padding:10px;text-align:center;z-index:999999;font-weight:bold;box-shadow:0 2px 5px rgba(0,0,0,0.2);";
+      div.innerText = `⚠️ ${message}`;
+      document.body.prepend(div);
+    };
+    uiRenderer.secureElement(id, render, activeStatusCode);
+  },
+
+  // Status 3: Read Only
+  disableInputs: () => {
+    uiRenderer.injectCSS(
+      "dsg-readonly",
+      `
+            input, button, select, textarea, [contenteditable] {
+                pointer-events: none !important;
+                opacity: 0.6 !important;
+                background: #eee !important;
+            }
+        `,
+    );
+    uiRenderer.showWarning("Read-Only Mode: You cannot make changes.");
+  },
+
+  // Status 4: API Kill
+  disableAPIs: () => {
+    const noop = () => {
+      throw new Error("Blocked by DSG");
+    };
+    // Freeze these objects to prevent re-enabling
+    try {
+      window.fetch = noop;
+      window.XMLHttpRequest = function () {
+        this.open = noop;
+        this.send = noop;
+      };
+      Object.freeze(window.fetch);
+    } catch (e) {}
+    console.warn("☠️ APIs Disabled");
+  },
+
+  // Status 5: Maintenance
+  maintenanceMode: (message = "Maintenance in Progress") => {
+    const id = "dsg-maint";
+    const render = () => {
+      const div = document.createElement("div");
+      div.id = id;
+      div.innerHTML = `
+                 <div style="font-family: sans-serif; background: #f8f9fa; color: #333; height: 100vh; width: 100vw; position: fixed; top: 0; left: 0; z-index: 2147483647; display: flex; flex-direction: column; justify-content: center; align-items: center;">
+                    <h1>System Maintenance</h1>
+                    <p>${message}</p>
+                </div>
+            `;
+      if (!document.getElementById(id)) document.body.appendChild(div);
+    };
+    uiRenderer.secureElement(id, render, activeStatusCode);
+  },
+
+  // Status 7, 8: Fake Browser Check (DDOS/Bot)
+  fakeProtection: (message = "Checking your browser...") => {
+    const id = "dsg-ddos";
+    const render = () => {
+      const div = document.createElement("div");
+      div.id = id;
+      div.innerHTML = `
+                <div style="font-family: sans-serif; height: 100vh; width: 100vw; position: fixed; top: 0; left: 0; z-index: 2147483647; display: flex; flex-direction: column; justify-content: center; align-items: center; background: #fff;">
+                    <div class="loader" style="border: 4px solid #f3f3f3; border-top: 4px solid #3498db; border-radius: 50%; width: 40px; height: 40px; animation: spin 1s linear infinite;"></div>
+                    <h2 style="margin-top: 20px;">DDoS Protection</h2>
+                    <p>${message}</p>
+                    <style>@keyframes spin { 0% { transform: rotate(0deg); } 100% { transform: rotate(360deg); } }</style>
+                </div>
+            `;
+      if (!document.getElementById(id)) document.body.appendChild(div);
+    };
+    uiRenderer.secureElement(id, render, activeStatusCode);
+  },
+
+  // Status 10, 11, 12, 19: Feature Hiding
+  hideFeatures: (type) => {
+    let css = "";
+    let msg = "";
+    switch (type) {
+      case "payment":
+        css = `.payment, .checkout, .billing, [href*="checkout"], [href*="pay"] { display: none !important; }`;
+        msg = "Payments are currently disabled.";
+        break;
+      case "auth":
+        css = `.login, .signin, .signup, .register, [href*="login"], [href*="register"] { display: none !important; }`;
+        msg = "Authentication is disabled.";
+        break;
+      case "upload":
+        css = `input[type="file"], .upload-btn { display: none !important; }`;
+        msg = "File uploads are disabled.";
+        break;
+      case "limited": // 19
+        css = `.premium, .advanced, .pro-feature { display: none !important; }`;
+        msg = "Running in Limited Feature Mode.";
+        break;
+    }
+    uiRenderer.injectCSS(`dsg-hide-${type}`, css);
+    uiRenderer.showWarning(msg);
+  },
+
+  // Status 14: Coming Soon
+  comingSoon: (message = "We are launching soon!") => {
+    const id = "dsg-soon";
+    const render = () => {
+      const div = document.createElement("div");
+      div.id = id;
+      div.innerHTML = `
+                 <div style="font-family: sans-serif; background: #1a1a1a; color: #fff; height: 100vh; width: 100vw; position: fixed; top: 0; left: 0; z-index: 2147483647; display: flex; flex-direction: column; justify-content: center; align-items: center;">
+                    <h1>🚀 Coming Soon</h1>
+                    <p>${message}</p>
+                </div>
+            `;
+      if (!document.getElementById(id)) document.body.appendChild(div);
+    };
+    uiRenderer.secureElement(id, render, activeStatusCode);
+  },
+
+  // Status 15: Sunset Countdown
+  sunsetMode: (message = "Service Shutting Down") => {
+    const id = "dsg-sunset";
+    const target = new Date();
+    target.setDate(target.getDate() + 30);
+    const render = () => {
+      const div = document.createElement("div");
+      div.id = id;
+      div.innerHTML = `
+                 <div style="font-family: sans-serif; background: #000; color: #ff9900; height: 100vh; width: 100vw; position: fixed; top: 0; left: 0; z-index: 2147483647; display: flex; flex-direction: column; justify-content: center; align-items: center;">
+                    <h1>🌅 service sunset</h1>
+                    <p>${message}</p>
+                    <div style="font-size: 4rem; margin: 20px;">${target.toISOString().split("T")[0]}</div>
+                    <p>Please export your data immediately.</p>
+                </div>
+            `;
+      if (!document.getElementById(id)) document.body.appendChild(div);
+    };
+    uiRenderer.secureElement(id, render, activeStatusCode);
+  },
+
+  // Status 16, 17: Tier Lock
+  tierLock: (msg) => {
+    uiRenderer.showWarning(`🔒 ${msg}`);
+    uiRenderer.injectCSS(
+      "dsg-tier",
+      `.premium-content { filter: blur(5px); pointer-events: none; }`,
+    );
+  },
+
+  // Status 20: Cursor Lock
+  freezeCursor: () => {
+    uiRenderer.injectCSS("dsg-cursor", `* { cursor: none !important; }`);
+    window.addEventListener("mousemove", (e) => e.stopPropagation(), true);
+  },
+
+  // Status 99, 100: Ultra
+  disableConsole: () => {
+    ["log", "warn", "error", "table"].forEach((m) => {
+      try {
+        console[m] = () => {};
+        // Object.defineProperty(console, m, { value: () => {}, writable: false });
+      } catch (e) {}
+    });
+  },
+
+  ultraLock: (msg) => {
+    uiRenderer.disableConsole();
+    uiRenderer.freezeCursor();
+    uiRenderer.blockPage(msg || "SYSTEM LOCKDOWN");
+  },
+
+  // === Main Switch ===
+  enforce: (statusCode, message) => {
+    const code = parseInt(statusCode, 10);
+
+    // State Transition Check: Only update if status CHANGED
+    if (activeStatusCode === code) return;
+
+    // Changing state: Reset previous blockers
+    uiRenderer.reset();
+    activeStatusCode = code;
+
+    switch (code) {
+      case 0:
+        uiRenderer.normal();
+        break;
+
+      case 1:
+        uiRenderer.blockPage(message || "Hack Detected: Access Denied");
+        break;
+
+      case 2:
+        uiRenderer.showWarning(message || "Misuse Detected");
+        break;
+      case 3:
+        uiRenderer.disableInputs();
+        break;
+      case 4:
+        uiRenderer.disableAPIs();
+        break;
+      case 5:
+        uiRenderer.maintenanceMode(message);
+        break;
+      case 6:
+        uiRenderer.showWarning(message || "Service Degraded: Expect Delays");
+        break;
+
+      case 7:
+        uiRenderer.fakeProtection(
+          message || "DDoS Protection: Verifying request...",
+        );
+        break;
+      case 8:
+        uiRenderer.fakeProtection(
+          message || "Bot Protection: Verifying human...",
+        );
+        break;
+
+      case 9:
+        uiRenderer.blockPage(message || "License Invalid or Expired");
+        break;
+
+      case 10:
+        uiRenderer.hideFeatures("payment");
+        break;
+      case 11:
+        uiRenderer.hideFeatures("auth");
+        break;
+      case 12:
+        uiRenderer.hideFeatures("upload");
+        break;
+      case 13:
+        uiRenderer.showWarning(
+          message || "Soft Maintenance: Updates in progress",
+        );
+        break;
+
+      case 14:
+        uiRenderer.comingSoon(message);
+        break;
+      case 15:
+        uiRenderer.sunsetMode(message);
+        break;
+
+      case 16:
+        uiRenderer.tierLock(message || "Free Mode: Premium features locked");
+        break;
+      case 17:
+        uiRenderer.tierLock(message || "Premium Users Only");
+        break;
+
+      case 18:
+        uiRenderer.blockPage(
+          message || "Geo-Restricted: Access not allowed from your location",
+        );
+        break;
+      case 19:
+        uiRenderer.hideFeatures("limited");
+        break;
+
+      case 20:
+        uiRenderer.freezeCursor();
+        break;
+      case 99:
+        uiRenderer.disableConsole();
+        break;
+      case 100:
+        uiRenderer.ultraLock(message);
+        break;
+
+      default:
+        console.warn("DSG: Unknown code", code);
+        break;
+    }
+  },
+};
+
+// Harden the object to prevent overwriting methods
+Object.freeze(uiRenderer);
+
+export { uiRenderer };