fieldshield 1.0.0

package/dist/fieldshield.js

@@ -0,0 +1,790 @@
+import { jsxs as D, jsx as d, Fragment as le } from "react/jsx-runtime";
+import { useState as G, useRef as M, useEffect as ee, useCallback as z, forwardRef as he, useId as ge, useImperativeHandle as me } from "react";
+const te = Object.freeze({
+  // ── AI / Cloud credentials ────────────────────────────────────────────────
+  /**
+   * OpenAI keys (all generations) and Anthropic keys — all use `sk-` prefix.
+   *
+   * - Old OpenAI personal keys:       `sk-[alphanum]{20+}`
+   * - New OpenAI project keys:        `sk-proj-[alphanum+hyphen]{20+}`
+   * - New OpenAI service account:     `sk-svcacct-[alphanum+hyphen]{20+}`
+   * - Anthropic keys:                 `sk-ant-api03-[alphanum+hyphen]{20+}`
+   *
+   * The updated pattern allows hyphens in the key body (`[a-zA-Z0-9-]`) so
+   * all `sk-*` variants are caught by a single alternative. The `ant-api-`
+   * alternative is retained for any legacy keys not using the `sk-` prefix.
+   * Google AIza keys remain unchanged.
+   */
+  AI_API_KEY: "(sk-[a-zA-Z0-9][a-zA-Z0-9-]{19,}|ant-api-[a-z0-9-]{20,}|AIza[0-9A-Za-z_-]{35})",
+  /**
+   * AWS permanent (`AKIA`) and temporary (`ASIA`) access key prefixes.
+   * Fixed: previous pattern had `ASXA` which is not a real AWS prefix —
+   * the correct temporary credential prefix is `ASIA`.
+   * 16-character alphanumeric uppercase suffix after the 4-char prefix.
+   */
+  AWS_ACCESS_KEY: "\\b(AKIA|ASIA)[0-9A-Z]{16}\\b",
+  // ── PII ───────────────────────────────────────────────────────────────────
+  /**
+   * US Social Security Number — all common separator formats.
+   *
+   * Matches:
+   *   `123-45-6789`  hyphen separated  (standard printed format)
+   *   `123 45 6789`  space separated   (typed on mobile without hyphen key)
+   *   `123.45.6789`  dot separated     (common in some form UIs)
+   *   `123456789`    no separator      (common when copy-pasting from a database)
+   *
+   * `[-\s.]?` makes the separator optional, catching all four formats
+   * with a single pattern. False positive risk on bare 9-digit numbers is
+   * acceptable in a security context — a missed SSN is worse than a
+   * false positive that briefly highlights a non-sensitive number.
+   *
+   * @remarks **False positive risk (medium):**
+   * The bare 9-digit form (`123456789`) matches any 9-digit number. This
+   * overlaps with `TAX_ID` bare form and with arbitrary 9-digit numeric IDs.
+   * Both `SSN` and `TAX_ID` firing on the same value is intentional — the
+   * field may contain either, and consuming applications can use field context
+   * to disambiguate. The hyphenated form (`123-45-6789`) has very low false
+   * positive risk and is the recommended format to require in dedicated SSN
+   * fields.
+   */
+  SSN: "\\b\\d{3}[-\\s.]?\\d{2}[-\\s.]?\\d{4}\\b",
+  /**
+   * RFC 5321-compatible email address.
+   * Covers standard alphanumeric local parts with common special characters.
+   */
+  EMAIL: "[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}",
+  /**
+   * US phone numbers — relaxed exchange constraint to catch real-world input.
+   *
+   * Previous pattern required exchange to start with [2-9] (NANP-strict),
+   * which rejected common inputs like `555-123-4567` where the exchange
+   * starts with 1. Relaxed to `\d{3}` since FieldShield is a security
+   * library, not a phone number validator — false negatives are worse
+   * than false positives here.
+   *
+   * Also adds an international format alternative (`\+[1-9]\d{6,14}`)
+   * for non-US numbers like `+44 7911 123456`.
+   *
+   * Matches:
+   *   `555-123-4567`      US hyphen
+   *   `555 123 4567`      US space
+   *   `5551234567`        US no separator
+   *   `(555) 123-4567`    US with area code parens
+   *   `+1 555 123 4567`   US with country code
+   *   `+44 7911 123456`   UK mobile
+   *   `+91 98765 43210`   India mobile
+   */
+  PHONE: "\\b(?:\\+?1[-. ]?)?\\(?[2-9]\\d{2}\\)?[-. ]?\\d{3}[-. ]?\\d{4}\\b|\\+[1-9][\\s.-]?(?:\\d[\\s.-]?){6,14}\\d\\b",
+  // ── Financial ────────────────────────────────────────────────────────────
+  //
+  // IBAN was moved to OPT_IN_PATTERNS — see that export for the rationale.
+  /**
+   * Visa, Mastercard, and American Express — with optional space or hyphen
+   * separators between digit groups.
+   *
+   * Previous pattern required consecutive digits, missing the most common
+   * real-world format (`4111 1111 1111 1111`) users type or paste from cards.
+   *
+   * Matches:
+   *   Visa 16-digit:   `4111111111111111` / `4111 1111 1111 1111` / `4111-1111-1111-1111`
+   *   Mastercard:      `5500005555555559` / `5500 0055 5555 5559`
+   *   Amex 15-digit:   `378282246310005`  / `3782 822463 10005`
+   *
+   * Does not run a Luhn checksum — add post-match validation in production
+   * to reduce false positives on structurally-matching non-card numbers.
+   */
+  CREDIT_CARD: [
+    "\\b4\\d{3}[-\\s]?\\d{4}[-\\s]?\\d{4}[-\\s]?\\d{4}\\b",
+    "\\b5[1-5]\\d{2}[-\\s]?\\d{4}[-\\s]?\\d{4}[-\\s]?\\d{4}\\b",
+    "\\b3[47]\\d{2}[-\\s]?\\d{6}[-\\s]?\\d{5}\\b"
+  ].join("|"),
+  /**
+   * Date of birth — common formats used in healthcare and fintech forms.
+   *
+   * Matches:
+   *   `MM/DD/YYYY`   US slash format       e.g. `01/15/1990`
+   *   `MM-DD-YYYY`   US hyphen format      e.g. `01-15-1990`
+   *   `MM.DD.YYYY`   US dot format         e.g. `01.15.1990`
+   *   `YYYY-MM-DD`   ISO 8601              e.g. `1990-01-15`
+   *   `YYYY/MM/DD`   ISO with slashes      e.g. `1990/01/15`
+   *
+   * Year range constrained to 1900–2099 to avoid matching arbitrary
+   * date-like numbers. Month constrained to 01–12, day to 01–31.
+   *
+   * @remarks **False positive risk (medium — acceptable in healthcare contexts):**
+   * Any date in a clinical note will trigger this pattern. This is intentional
+   * because dates are PHI under HIPAA (45 CFR §164.514(b)(2)(i) lists dates as
+   * one of the 18 PHI identifiers). Consuming applications should be aware that
+   * date-heavy fields (e.g. encounter notes, lab reports) will fire frequently.
+   * Consider `a11yMode` or field-level pattern overrides for fields where dates
+   * are expected but not individually sensitive.
+   */
+  DATE_OF_BIRTH: "\\b(?:0?[1-9]|1[0-2])[-/.](?:0?[1-9]|[12]\\d|3[01])[-/.](?:19|20)\\d{2}\\b|\\b(?:19|20)\\d{2}[-/.](?:0?[1-9]|1[0-2])[-/.](?:0?[1-9]|[12]\\d|3[01])\\b",
+  /**
+   * US Employer Identification Number (EIN) / Tax ID.
+   *
+   * Matches:
+   *   `12-3456789`   hyphenated EIN format
+   *   `123456789`    9-digit no separator (also overlaps with SSN bare digits)
+   *
+   * @remarks **False positive risk (medium):**
+   * The bare 9-digit form (`123456789`) matches any 9-digit number — zip codes,
+   * product IDs, reference numbers, and other identifiers all have 9 digits.
+   * Use this pattern on tax-specific fields (W-9, EIN entry) rather than
+   * general free-text fields to avoid excessive false positives. Both `SSN` and
+   * `TAX_ID` firing on the same bare 9-digit value is intentional — the field
+   * may contain either, and consuming applications can use field context to
+   * disambiguate.
+   */
+  TAX_ID: "\\b\\d{2}-\\d{7}\\b|\\b\\d{9}\\b",
+  // ── Credentials (developer / admin tooling) ───────────────────────────────
+  //
+  // These patterns are unlikely to appear in typical end-user consumer forms.
+  // They are included for applications that expose developer-facing inputs —
+  // config panels, support chat, API key management UIs — where accidental
+  // credential exposure is a real risk.
+  //
+  // Consumer-facing deployments can safely ignore these — a user entering
+  // their SSN will never trigger GITHUB_TOKEN or JWT.
+  /**
+   * GitHub personal access tokens and fine-grained PATs.
+   *
+   * Prefixes:
+   *   `ghp_`         classic personal access token
+   *   `gho_`         OAuth app token
+   *   `ghs_`         GitHub Apps server-to-server token
+   *   `ghu_`         GitHub Apps user-to-server token
+   *   `github_pat_`  fine-grained personal access token (newer format)
+   */
+  GITHUB_TOKEN: "\\b(ghp|gho|ghs|ghu|github_pat)_[a-zA-Z0-9_]{20,}\\b",
+  /**
+   * Stripe API keys — secret, publishable, and restricted.
+   *
+   * Prefixes:
+   *   `sk_live_` / `sk_test_`   secret keys (highest privilege — never expose)
+   *   `pk_live_` / `pk_test_`   publishable keys (client-safe but worth flagging)
+   *   `rk_live_` / `rk_test_`   restricted keys
+   *
+   * `sk_live_` keys are the highest-value target — a leaked live secret key
+   * gives full Stripe account access.
+   */
+  STRIPE_KEY: "\\b(sk|pk|rk)_(live|test)_[a-zA-Z0-9]{20,}\\b",
+  /**
+   * JSON Web Token (JWT) — three base64url segments separated by dots.
+   *
+   * All JWTs begin with `eyJ` (base64url encoding of `{"`) making them
+   * highly detectable with very low false positive rate. JWTs appear in
+   * support tickets, config forms, and debug paste fields constantly —
+   * a valid JWT pasted anywhere is a potential session hijack.
+   */
+  JWT: "\\beyJ[a-zA-Z0-9_-]+\\.[a-zA-Z0-9_-]+\\.[a-zA-Z0-9_-]+\\b",
+  /**
+   * PEM private key block header.
+   *
+   * Matches the opening line of RSA, EC, and OpenSSH private keys.
+   * The header alone is sufficient to flag the paste — the base64 body
+   * that follows does not need to match.
+   *
+   * Covers:
+   *   `-----BEGIN PRIVATE KEY-----`
+   *   `-----BEGIN RSA PRIVATE KEY-----`
+   *   `-----BEGIN EC PRIVATE KEY-----`
+   *   `-----BEGIN OPENSSH PRIVATE KEY-----`
+   *
+   * Does NOT match `-----BEGIN PUBLIC KEY-----` or `-----BEGIN CERTIFICATE-----`
+   * which are not sensitive.
+   */
+  PRIVATE_KEY_BLOCK: "-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----",
+  // ── Healthcare identifiers ────────────────────────────────────────────────
+  //
+  // UK_NIN is the sole built-in healthcare identifier. DEA_NUMBER and
+  // NPI_NUMBER were moved to OPT_IN_PATTERNS — see that export for the
+  // rationale on each.
+  // ── International PII ─────────────────────────────────────────────────────
+  /**
+   * UK National Insurance Number (NIN) — equivalent of US SSN for UK residents.
+   *
+   * Format: 2 letters + 6 digits + 1 letter suffix, optionally space-separated.
+   *   `AB 12 34 56 C`   standard printed format (spaces between pairs)
+   *   `AB123456C`       compact format (no spaces)
+   *
+   * Constraints:
+   *   - First letter: not D, F, I, Q, U, V; not BG, GB, KN, NK, NT, TN, ZZ
+   *   - Second letter: not D, F, I, Q, U, V
+   *   - Suffix: A, B, C, or D only
+   *
+   * Pattern simplifies the first/second letter exclusions to the most common
+   * valid range — captures all real NINs while excluding the most common
+   * invalid prefixes.
+   *
+   * Matches:
+   *   `AB 12 34 56 C`   standard spaced format
+   *   `AB123456C`       compact no-space format
+   *   `QQ 12 34 56 A`   valid prefix
+   */
+  UK_NIN: "\\b[A-CEGHJ-PR-TW-Z][A-CEGHJ-NPR-TW-Z]\\s?\\d{2}\\s?\\d{2}\\s?\\d{2}\\s?[A-D]\\b"
+}), ye = Object.freeze({
+  /**
+   * International Bank Account Number (IBAN) — with or without spaces.
+   *
+   * **Why opt-in:**
+   * The pattern opens with two uppercase letters followed by two digits, then
+   * continues with alphanumeric groups. In clinical and pharmaceutical contexts,
+   * structured identifiers that share this shape — laboratory accession numbers,
+   * specimen container IDs, reagent lot codes, GS1 product codes, and ISO
+   * country-code-prefixed reference IDs — trigger this pattern. IBAN detection
+   * is only meaningful on dedicated payment or banking fields; enabling it on
+   * healthcare or general free-text fields produces frequent false positives.
+   *
+   * **When to use:** Payment instruction fields, wire transfer forms, banking
+   * account entry — fields where an IBAN is the specifically expected value.
+   *
+   * Matches:
+   *   `GB82WEST12345698765432`         no spaces
+   *   `GB82 WEST 1234 5698 7654 32`   standard printed format
+   *   `DE89370400440532013000`         German IBAN no spaces
+   */
+  IBAN: "\\b[A-Z]{2}\\d{2}[-\\s]?(?:[A-Z0-9]{1,4}[-\\s]?){3,}[A-Z0-9]{1,4}\\b",
+  /**
+   * DEA Registration Number — US Drug Enforcement Administration prescriber ID.
+   *
+   * Format: 2 letters + 7 digits.
+   *   - First letter: registrant type code (A-Z minus I, N, O, V, W, Y, Z)
+   *   - Second letter: first letter of registrant's last name (A-Z)
+   *   - 7 digits: unique identifier with check digit
+   *
+   * **Why opt-in:**
+   * The pattern `[A-Z]{2}\d{7}` matches any two uppercase letters followed by
+   * seven digits. This shape is ubiquitous in pharmaceutical and clinical contexts:
+   * medication lot numbers (`AB1234567`), product batch codes (`CD9876543`),
+   * laboratory reagent IDs, and equipment serial numbers all satisfy the constraint.
+   * In clinical notes, pharmacy systems, and inventory fields the false positive
+   * rate is unacceptably high.
+   *
+   * **When to use:** Dedicated DEA number entry fields — prescriber credentialing
+   * forms, controlled substance prescribing UI, pharmacy management systems where
+   * a DEA number is the specifically expected value. Do not enable on clinical
+   * notes, pharmacy dispensing free-text, or general healthcare free-text fields.
+   *
+   * Matches:
+   *   `AB1234563`   practitioner (C) + last name initial B
+   *   `BX9876541`   hospital (B) + last name initial X
+   */
+  DEA_NUMBER: "\\b[ABCDEFGHJKLMPRSTUX][A-Z]\\d{7}\\b",
+  /**
+   * SWIFT / BIC Code — Society for Worldwide Interbank Financial
+   * Telecommunication Business Identifier Code.
+   *
+   * **Why opt-in:**
+   * The pattern `[A-Z]{4}[A-Z]{2}[A-Z0-9]{2}([A-Z0-9]{3})?` matches any
+   * 8-letter word. Common English medical and technical terms —
+   * "nephropathy", "computing", "HYPERTENSION", "PENICILLIN" — all satisfy
+   * the 8-character uppercase letter constraint. In clinical notes or
+   * free-text fields this produces an extremely high false positive rate.
+   *
+   * **When to use:** Wire transfer instruction fields, SWIFT payment forms,
+   * or correspondent banking UI where a BIC code is the expected value.
+   * Do not enable on general-purpose or clinical free-text fields.
+   *
+   * Format: 8 or 11 alphanumeric characters.
+   *   - Bank code:     4 uppercase letters    e.g. `DEUT`
+   *   - Country code:  2 uppercase letters    e.g. `DE`
+   *   - Location code: 2 alphanumeric chars   e.g. `DB`
+   *   - Branch code:   3 alphanumeric chars   e.g. `BER` (optional)
+   *
+   * Matches:
+   *   `DEUTDEDB`      8-character (head office)
+   *   `DEUTDEDBBER`   11-character (branch)
+   *   `BOFAUS3N`      Bank of America US
+   *   `CHASUS33`      JPMorgan Chase US
+   */
+  SWIFT_BIC: "\\b[A-Z]{4}[A-Z]{2}[A-Z0-9]{2}([A-Z0-9]{3})?\\b",
+  /**
+   * National Provider Identifier (NPI) — 10-digit US healthcare provider ID.
+   *
+   * **Why opt-in:**
+   * The pattern `[12]\d{9}` matches any 10-digit number beginning with 1 or 2.
+   * In free-text clinical notes, dates with times, order numbers, reference IDs,
+   * and phone-number-adjacent strings frequently produce 10-digit sequences
+   * starting with 1 or 2. The false positive rate in unstructured clinical text
+   * is too high for this to be a default.
+   *
+   * **When to use:** Provider lookup fields, credentialing forms, NPI registry
+   * search inputs — fields where a 10-digit provider ID is the expected value.
+   * Do not enable on clinical note, encounter note, or general-purpose fields.
+   *
+   * NPIs are issued by CMS and are publicly searchable via the NPPES registry.
+   * An NPI in isolation is not sensitive — it is intentionally public. When an
+   * NPI appears alongside patient data it becomes a PHI linkage key.
+   *
+   * Two types:
+   *   Type 1 (Individual): begins with 1   e.g. `1234567893`
+   *   Type 2 (Organization): begins with 2 e.g. `2345678901`
+   */
+  NPI_NUMBER: "\\b[12]\\d{9}\\b",
+  /**
+   * Passport number — 1–2 uppercase letters followed by 6–9 digits.
+   *
+   * **Why opt-in:**
+   * The pattern `[A-Z]{1,2}[0-9]{6,9}` matches letter+digit combinations
+   * that are extremely common in clinical and product contexts:
+   * medication lot numbers (`AB123456`), lab specimen IDs (`A1234567`),
+   * ICD-10 codes with procedure modifiers, and equipment serial numbers
+   * all match this pattern. In clinical notes the false positive rate is high.
+   *
+   * **When to use:** Identity verification fields, KYC document entry forms,
+   * travel document upload flows — fields where a passport number is the
+   * expected value. Do not enable on clinical, product, or general free-text
+   * fields.
+   *
+   * Covers the most common formats:
+   *   US:  1 letter + 8 digits   e.g. `A12345678`
+   *   EU:  2 letters + 7 digits  e.g. `AB1234567`
+   *   IN:  1 letter + 7 digits   e.g. `A1234567`
+   */
+  PASSPORT_NUMBER: "\\b[A-Z]{1,2}[0-9]{6,9}\\b"
+}), ce = 3e3, be = 1e5, de = (i) => Object.fromEntries(i.map((n) => [n.name, n.regex])), Se = (i = [], n = be, v, h) => {
+  const [A, g] = G(""), [$, O] = G([]), [N, S] = G(!1), s = M(null), I = JSON.stringify(i);
+  ee(() => {
+    let m = !1;
+    try {
+      s.current = new Worker(
+        new URL(
+          /* @vite-ignore */
+          "/assets/fieldshield.worker.js",
+          import.meta.url
+        ),
+        { type: "module" }
+      );
+    } catch (l) {
+      console.error(
+        "[FieldShield] Worker failed to initialize — falling back to a11yMode.",
+        l
+      ), queueMicrotask(() => S(!0));
+      return;
+    }
+    return s.current.onmessage = (l) => {
+      m || l.data?.type === "UPDATE" && typeof l.data.masked == "string" && Array.isArray(l.data.findings) && (g(l.data.masked), O(l.data.findings));
+    }, s.current.onerror = (l) => {
+      m || (console.error(
+        `[FieldShield] Worker runtime error: ${l.message ?? "unknown error"}`
+      ), g(""), O([]), h?.(l));
+    }, s.current.postMessage({
+      type: "CONFIG",
+      payload: {
+        defaultPatterns: te,
+        customPatterns: de([])
+        // Effect 2 delivers custom patterns after mount
+      }
+    }), () => {
+      m = !0, s.current?.terminate(), s.current = null;
+    };
+  }, []), ee(() => {
+    s.current && s.current.postMessage({
+      type: "CONFIG",
+      payload: {
+        defaultPatterns: te,
+        customPatterns: de(i)
+      }
+    });
+  }, [I]);
+  const R = z(
+    (m) => m.length > n ? (console.warn(
+      `[FieldShield] Input length ${m.length} exceeds maxProcessLength (${n}). Keystroke blocked to prevent unprotected data beyond the limit. Raise maxProcessLength if this field requires longer input.`
+    ), v?.(m.length, n), !1) : (s.current?.postMessage({
+      type: "PROCESS",
+      payload: { text: m }
+    }), !0),
+    [n, v]
+  ), T = z(() => new Promise((m, l) => {
+    if (!s.current) {
+      m("");
+      return;
+    }
+    const { port1: k, port2: B } = new MessageChannel(), L = setTimeout(() => {
+      k.close(), l(
+        new Error(
+          `[FieldShield] getSecureValue timed out after ${ce}ms.`
+        )
+      );
+    }, ce);
+    k.onmessage = (W) => {
+      clearTimeout(L), k.close(), m(W.data.text);
+    }, s.current.postMessage({ type: "GET_TRUTH" }, [B]);
+  }), []), U = z(() => {
+    s.current?.postMessage({ type: "PURGE" });
+  }, []);
+  return { masked: A, findings: $, processText: R, getSecureValue: T, purge: U, workerFailed: N };
+}, ve = he(
+  ({
+    label: i,
+    type: n = "text",
+    placeholder: v,
+    customPatterns: h = [],
+    className: A,
+    style: g,
+    onChange: $,
+    a11yMode: O = !1,
+    onSensitiveCopyAttempt: N,
+    onSensitivePaste: S,
+    onFocus: s,
+    onBlur: I,
+    disabled: R = !1,
+    required: T = !1,
+    maxLength: U,
+    rows: m = 3,
+    inputMode: l = "text",
+    maxProcessLength: k = 1e5,
+    onMaxLengthExceeded: B,
+    onWorkerError: L
+  }, W) => {
+    const {
+      masked: V,
+      findings: Z,
+      processText: H,
+      getSecureValue: ae,
+      purge: se,
+      workerFailed: oe
+    } = Se(
+      h,
+      k,
+      B,
+      L
+    ), ue = O || oe, o = Z.length > 0, w = i ?? "Protected field", J = M(null), ne = M(null), K = M(null), u = M(""), C = ge(), _ = `${C}-warning`, j = `${C}-desc`;
+    me(
+      W,
+      () => ({
+        getSecureValue: ae,
+        purge: () => {
+          se(), H(""), u.current = "";
+          const e = J.current ?? ne.current;
+          e && (e.value = "", K.current && (K.current.textContent = `
+`));
+        }
+      }),
+      [ae, se, H]
+    ), ee(() => {
+      $?.(V, Z);
+    }, [V, Z, $]);
+    const Y = (e, t, a) => {
+      if (!H(t)) {
+        const b = u.current.replace(/[^\n]/g, "x");
+        e.value = b;
+        const f = Math.min(a, u.current.length);
+        e.setSelectionRange(f, f);
+        return;
+      }
+      u.current = t;
+      const r = t.replace(/[^\n]/g, "x");
+      e.value = r, e.setSelectionRange(a, a), K.current && (K.current.textContent = r + `
+`);
+    }, re = (e) => {
+      const t = e.target, a = t.value, p = t.selectionStart ?? a.length, r = u.current, b = a.length - r.length;
+      let f;
+      if (b > 0) {
+        const c = Math.max(0, p - b), E = a.slice(c, p);
+        f = r.slice(0, c) + E + r.slice(c);
+      } else if (b < 0) {
+        const c = p, E = c - b;
+        f = r.slice(0, c) + r.slice(E);
+      } else {
+        let c = -1, E = -1;
+        for (let y = 0; y < a.length; y++)
+          a[y] !== "x" && a[y] !== `
+` && (c === -1 && (c = y), E = y + 1);
+        if (c !== -1) {
+          const y = a.slice(c, E);
+          f = r.slice(0, c) + y + r.slice(E);
+        } else
+          f = r;
+      }
+      Y(t, f, p);
+    }, pe = (e) => {
+      const t = e.target.value;
+      u.current = t, H(t);
+    }, X = (e) => {
+      e.preventDefault();
+      const t = e.clipboardData.getData("text/plain"), a = e.target, p = a.selectionStart ?? 0, r = a.selectionEnd ?? 0, b = u.current, f = b.length - (r - p) + t.length;
+      if (f > k) {
+        console.warn(
+          `[FieldShield] Paste blocked — result length ${f} would exceed maxProcessLength (${k}). DOM unchanged.`
+        ), B?.(f, k);
+        return;
+      }
+      const c = b.slice(0, p) + t + b.slice(r), E = p + t.length;
+      if (Y(a, c, E), S && t) {
+        const y = [
+          ...Object.entries(te),
+          ...h.map((P) => [P.name, P.regex])
+        ], ie = [];
+        for (const [P, F] of y)
+          try {
+            ie.push([P, new RegExp(F, "gi")]);
+          } catch {
+          }
+        const q = [];
+        let Q = t;
+        for (const [P, F] of ie)
+          F.lastIndex = 0, F.test(t) && (q.push(P), F.lastIndex = 0, Q = Q.replace(
+            F,
+            (fe) => "█".repeat(fe.length)
+          ));
+        q.length > 0 && S({
+          timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+          fieldLabel: w,
+          findings: [...new Set(q)],
+          masked: Q,
+          eventType: "paste"
+        }) === !1 && Y(a, b, p);
+      }
+    }, x = (e) => {
+      e.preventDefault();
+      const t = e.target, a = t.selectionStart ?? 0, p = t.selectionEnd ?? u.current.length, r = V.slice(a, p), b = r.includes("█");
+      if (o && b ? (e.clipboardData.setData("text/plain", r), N?.({
+        timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+        fieldLabel: w,
+        findings: [...Z],
+        // snapshot — receiver must not hold a reference to internal state
+        masked: r,
+        eventType: e.type === "cut" ? "cut" : "copy"
+      })) : e.clipboardData.setData(
+        "text/plain",
+        u.current.slice(a, p)
+      ), e.type === "cut") {
+        const f = u.current.slice(0, a), c = u.current.slice(p);
+        u.current = f + c, H(u.current);
+        const E = "x".repeat(u.current.length);
+        t.value = E, t.setSelectionRange(a, a);
+      }
+    };
+    return ue ? /* @__PURE__ */ D(
+      "div",
+      {
+        className: `fieldshield-container${A ? ` ${A}` : ""}`,
+        style: g,
+        role: "group",
+        "aria-labelledby": C,
+        "data-disabled": R || void 0,
+        children: [
+          i && /* @__PURE__ */ d("label", { htmlFor: C, className: "fieldshield-label", children: i }),
+          /* @__PURE__ */ d("span", { id: j, className: "fieldshield-sr-only", children: "This field is protected. Sensitive data patterns will be detected and blocked from copying." }),
+          /* @__PURE__ */ d(
+            "input",
+            {
+              id: C,
+              ref: J,
+              type: "password",
+              className: "fieldshield-a11y-input",
+              placeholder: v,
+              onChange: pe,
+              onCopy: x,
+              onCut: x,
+              onPaste: X,
+              onFocus: s,
+              onBlur: I,
+              disabled: R,
+              required: T,
+              maxLength: U,
+              inputMode: l,
+              spellCheck: !1,
+              autoComplete: "off",
+              "aria-required": T,
+              "aria-label": i ? void 0 : w,
+              "aria-describedby": `${j} ${o ? _ : ""}`.trim(),
+              "aria-invalid": o ? "true" : "false",
+              "aria-errormessage": o ? _ : void 0
+            }
+          ),
+          /* @__PURE__ */ d(
+            "div",
+            {
+              id: _,
+              role: "status",
+              "aria-live": "polite",
+              "aria-atomic": "true",
+              className: "fieldshield-findings",
+              children: o && /* @__PURE__ */ D(le, { children: [
+                /* @__PURE__ */ d("span", { className: "fieldshield-warning-icon", "aria-hidden": "true", children: "⚠" }),
+                /* @__PURE__ */ D("span", { className: "fieldshield-warning-text", children: [
+                  "Sensitive data detected. Clipboard blocked for:",
+                  " "
+                ] }),
+                Z.map((e) => /* @__PURE__ */ d(
+                  "span",
+                  {
+                    className: "fieldshield-tag",
+                    "aria-label": `pattern: ${e}`,
+                    children: e
+                  },
+                  e
+                ))
+              ] })
+            }
+          )
+        ]
+      }
+    ) : /* @__PURE__ */ D(
+      "div",
+      {
+        className: `fieldshield-container${A ? ` ${A}` : ""}`,
+        style: g,
+        role: "group",
+        "aria-labelledby": C,
+        "data-disabled": R || void 0,
+        children: [
+          i && /* @__PURE__ */ d("label", { htmlFor: C, className: "fieldshield-label", children: i }),
+          /* @__PURE__ */ d("span", { id: j, className: "fieldshield-sr-only", children: "Sensitive field. Input is protected. Sensitive data patterns will be detected and blocked from copying." }),
+          /* @__PURE__ */ D("div", { className: "fieldshield-field-wrapper", children: [
+            /* @__PURE__ */ d(
+              "div",
+              {
+                className: `fieldshield-mask-layer${o ? " fieldshield-mask-unsafe" : ""}`,
+                "aria-hidden": "true",
+                children: V || /* @__PURE__ */ d("span", { className: "fieldshield-placeholder", children: v })
+              }
+            ),
+            n === "textarea" && /* @__PURE__ */ d(
+              "div",
+              {
+                ref: K,
+                className: "fieldshield-grow",
+                "aria-hidden": "true"
+              }
+            ),
+            n === "textarea" ? /* @__PURE__ */ d(
+              "textarea",
+              {
+                ref: ne,
+                id: C,
+                className: "fieldshield-real-input",
+                placeholder: v,
+                onChange: re,
+                onPaste: X,
+                onCopy: x,
+                onCut: x,
+                onFocus: s,
+                onBlur: I,
+                disabled: R,
+                required: T,
+                maxLength: U,
+                rows: m,
+                inputMode: l,
+                spellCheck: !1,
+                autoComplete: "off",
+                "aria-required": T,
+                "aria-label": o ? `${w} — sensitive data detected` : `${w} — protected input`,
+                "aria-describedby": `${j} ${o ? _ : ""}`.trim(),
+                "aria-invalid": o ? "true" : "false",
+                "aria-errormessage": o ? _ : void 0
+              }
+            ) : /* @__PURE__ */ d(
+              "input",
+              {
+                ref: J,
+                id: C,
+                type: "text",
+                className: "fieldshield-real-input",
+                placeholder: v,
+                onChange: re,
+                onPaste: X,
+                onCopy: x,
+                onCut: x,
+                onFocus: s,
+                onBlur: I,
+                disabled: R,
+                required: T,
+                maxLength: U,
+                inputMode: l,
+                spellCheck: !1,
+                autoComplete: "off",
+                "aria-required": T,
+                "aria-label": o ? `${w} — sensitive data detected` : `${w} — protected input`,
+                "aria-describedby": `${j} ${o ? _ : ""}`.trim(),
+                "aria-invalid": o ? "true" : "false",
+                "aria-errormessage": o ? _ : void 0
+              }
+            )
+          ] }),
+          /* @__PURE__ */ d(
+            "div",
+            {
+              id: _,
+              role: "status",
+              "aria-live": "polite",
+              "aria-atomic": "true",
+              className: "fieldshield-findings",
+              children: o && /* @__PURE__ */ D(le, { children: [
+                /* @__PURE__ */ d("span", { className: "fieldshield-warning-icon", "aria-hidden": "true", children: "⚠" }),
+                /* @__PURE__ */ D("span", { className: "fieldshield-warning-text", children: [
+                  "Sensitive data detected. Clipboard blocked for:",
+                  " "
+                ] }),
+                Z.map((e) => /* @__PURE__ */ d(
+                  "span",
+                  {
+                    className: "fieldshield-tag",
+                    "aria-label": `pattern: ${e}`,
+                    children: e
+                  },
+                  e
+                ))
+              ] })
+            }
+          )
+        ]
+      }
+    );
+  }
+);
+ve.displayName = "FieldShieldInput";
+const Ce = (i = {}) => {
+  const { maxEvents: n = 20 } = i, [v, h] = G([]), A = M(0), g = z(
+    (N) => {
+      const S = ++A.current, s = (/* @__PURE__ */ new Date()).toLocaleTimeString();
+      h(
+        (I) => [{ ...N, id: S, timestamp: s }, ...I].slice(0, n)
+      );
+    },
+    [n]
+  ), $ = z(
+    (N) => (S) => {
+      const s = N === "paste" ? "PASTE_DETECTED" : S.eventType === "cut" ? "CUT_BLOCKED" : "COPY_BLOCKED";
+      g({
+        field: S.fieldLabel,
+        type: s,
+        findings: S.findings,
+        detail: `${S.masked.slice(0, 32)}${S.masked.length > 32 ? "…" : ""}`
+      });
+    },
+    [g]
+  ), O = z(() => {
+    h([]), A.current = 0;
+  }, []);
+  return { events: v, pushEvent: g, makeClipboardHandler: $, clearLog: O };
+}, Te = async (i) => {
+  const n = Object.entries(i), v = await Promise.allSettled(
+    n.map(
+      ([, h]) => h.current?.getSecureValue() ?? Promise.resolve("")
+    )
+  );
+  return Object.fromEntries(
+    n.map(([h], A) => {
+      const g = v[A];
+      return g.status === "rejected" ? (console.warn(
+        `[FieldShield] collectSecureValues: field "${String(h)}" failed to retrieve value.`,
+        g.reason
+      ), [h, ""]) : [h, g.value];
+    })
+  );
+}, ke = (i) => {
+  Object.values(i).forEach((n) => n.current?.purge());
+};
+export {
+  te as FIELDSHIELD_PATTERNS,
+  ve as FieldShieldInput,
+  ye as OPT_IN_PATTERNS,
+  Te as collectSecureValues,
+  ke as purgeSecureValues,
+  Se as useFieldShield,
+  Ce as useSecurityLog
+};