logshield-cli 0.2.0 → 0.2.1

package/README.md

@@ -1,119 +1,101 @@
+---
 # LogShield
 
-**Safe log sanitization for developers.**
-
-LogShield is a lightweight, developer-focused utility to automatically redact secrets, tokens, credentials, and sensitive data from logs before they are stored, shared, or shipped.
-
-It is designed to be:
-- **Deterministic** – predictable behavior, no AI, no guesswork
-- **Safe by default** – minimal false positives in default mode
-- **Strict when needed** – aggressive redaction via `strict` mode
-- **Composable** – rule-based engine, easy to extend
+LogShield is a CLI tool to **redact sensitive data from logs** before sharing them with others, AI tools, or public channels.
 
+Designed to be safe by default, deterministic, and free of runtime dependencies.
 ---
 
-## Why LogShield?
+## Install
 
-Logs are copied everywhere: CI output, bug reports, Slack, tickets, LLM prompts.
+```bash
+npm install -g logshield-cli
+```
 
-One leaked key is enough to:
-- Compromise production systems
-- Invalidate compliance (GDPR, SOC2)
-- Burn trust instantly
+---
 
-LogShield exists to solve one problem extremely well:
+## Usage
 
-> **Make logs safe to share.**
+Scan a log file:
 
----
+```bash
+logshield scan app.log
+```
 
-## Features
-
-- Redacts common secrets:
-  - API keys
-  - Passwords
-  - JWT tokens
-  - Bearer tokens
-  - Stripe keys
-  - Cloud credentials (AWS, etc.)
-  - Credit cards (Luhn-validated)
-- Two modes:
-  - **Default**: conservative, low false positives
-  - **Strict**: aggressive, security-first
-- Snapshot-tested, contract-tested
-- Zero runtime dependencies
+Scan from stdin:
 
----
+```bash
+cat app.log | logshield scan
+```
 
-## Installation
+Strict mode (more aggressive):
 
 ```bash
-npm install logshield
+logshield scan app.log --strict
 ```
 
----
+JSON output:
 
-## Usage
-
-### Basic
+```bash
+logshield scan app.log --json
+```
 
-```ts
-import { sanitizeLog } from "logshield";
+Summary only (printed to stderr):
 
-const result = sanitizeLog("password=supersecret");
-console.log(result.output);
-// password=<REDACTED_PASSWORD>
+```bash
+logshield scan app.log --summary
 ```
 
-### Strict mode
+---
 
-```ts
-sanitizeLog(input, { strict: true });
-```
+## What Gets Redacted
+
+- API keys
+- Passwords
+- JWT tokens
+- `Bearer <TOKEN>` (always redacted)
+- Stripe keys
+- Cloud credentials (AWS, etc.)
+- Credit cards (Luhn-validated)
 
 ---
 
-## API
+## Modes
 
-### `sanitizeLog(input: string, options?)`
+### Default (recommended)
 
-Returns:
+- Conservative
+- Low false positives
+- Safe for sharing logs publicly
 
-```ts
-{
-  output: string;
-  matches: {
-    rule: string;
-    match: string;
-  }[];
-}
-```
+### Strict
 
-- `output` – sanitized log string
-- `matches` – what was redacted and why (for auditing/debugging)
+- Aggressive
+- Security-first
+- May redact more than necessary
 
 ---
 
-## Design Principles
+## Design Guarantees
 
-- **No heuristics** – explicit rules only
-- **No mutation magic** – transparent replacements
-- **Locked behavior** – breaking changes require intent
-
-This is a boring utility by design.
+- Deterministic output
+- Zero runtime dependencies
+- Snapshot-tested & contract-tested
+- No network calls
+- No telemetry
 
 ---
 
-## Roadmap
+## Example
 
-- CLI (`logshield scan file.log`)
-- GitHub Action
-- Pre-commit hook
-- Pro ruleset (enterprise patterns)
+```bash
+cat server.log | logshield scan --strict --summary
+```
 
 ---
 
 ## License
 
-MIT
+ISC
 
+---

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "logshield-cli",
-  "version": "0.2.0",
+  "version": "0.2.1",
   "type": "commonjs",
   "bin": {
     "logshield": "dist/cli/index.cjs"