npm - logshield-cli - Versions diffs - 0.4.2 → 0.4.4 - Mend

logshield-cli 0.4.2 → 0.4.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,100 +1,132 @@
-# Changelog
-## v0.4.2
-### Fixed
-- CLI errors are now written to stderr (CI-safe piping)
-- JSON output is newline-terminated
-- URL redaction is no longer overly aggressive; only credentials and sensitive parameters are redacted
-- PASSWORD redaction preserves original delimiter and spacing
-- Improved dry-run reporting consistency
-- Added contract tests for CLI output and URL behavior
-## v0.4.1
-### Fixed
-- Prevented secret leakage in `--json` output by removing raw match values from the public result shape
-- Forwarded `--dry-run` into the engine to ensure consistent, future-proof behavior
-### Improved
-- Expanded credential detection for common API key variants (`api_key`, `api-key`, `apikey`) and `Authorization: Bearer ...`
-- Hardened AWS secret key strict detection to reduce false positives while keeping strict mode safe
-### Notes
-- No breaking changes
-- No new features
-- Stability and safety hardening release
-## v0.4.0
-### Changed
-- License updated to Apache-2.0
-- README, website, and blog content aligned to reflect the new license and current project state
-### Notes
-- No engine or CLI behavior changes
-- No breaking changes
-## v0.3.6
-### Fixed
-- `--summary` output now correctly written to stderr (safe for piping & redirects)
-### Improved
-- CLI documentation clarity
-### Notes
-- No breaking changes
-## v0.3.5
-### Fixed
-- Corrected CLI version injection in built CJS output
-- Ensured published npm package reflects actual CLI version
-### Improved
-- Deterministic `--dry-run` report formatting (aligned, CI-safe)
-- Dry-run output now strictly non-contextual and stdout-only
-### Notes
-- No engine or rule behavior changes
-- Pure CLI/build correctness release
----
-## v0.3.4
-### Fixed
-- README CI badge link on npmjs.com
----
-## v0.3.3
-### Added
-- `--dry-run` mode to detect secrets without modifying output
-- CI-friendly detection workflow (`--dry-run --fail-on-detect`)
-### Improved
-- CLI UX consistency
-- README documentation clarity
-### Notes
-- No breaking changes
-- Engine behavior unchanged
+# Changelog
+## v0.4.4
+### Fixed
+- Expanded PASSWORD redaction to cover quoted values (including spaces) and JSON forms (`"password": "..."`)
+- Expanded DB URL credential redaction to cover additional common schemes (`redis://`, `mssql://`, and variants)
+### Notes
+- No breaking changes
+- Behavior is still deterministic; this release reduces false negatives in common log formats
+## v0.4.3
+### Fixed
+- Prevented API key redaction from corrupting header names (`x-api-key`)
+- Preserved key labels when redacting `api_key=...` values
+- Corrected CLI exit code for invalid flag combinations (`--json --dry-run` now exits with code 2)
+### Improved
+- Deterministic and aligned `--summary` output (alphabetical, indented)
+- Hardened CLI behavior with end-to-end golden tests
+- Strengthened regression coverage for rule overlap and precedence
+### Notes
+- No breaking changes
+- No new features
+- Hardening and correctness release
+## v0.4.2
+### Fixed
+- CLI errors are now written to stderr (CI-safe piping)
+- JSON output is newline-terminated
+- URL redaction is no longer overly aggressive; only credentials and sensitive parameters are redacted
+- PASSWORD redaction preserves original delimiter and spacing
+- Improved dry-run reporting consistency
+- Added contract tests for CLI output and URL behavior
+## v0.4.1
+### Fixed
+- Prevented secret leakage in `--json` output by removing raw match values from the public result shape
+- Forwarded `--dry-run` into the engine to ensure consistent, future-proof behavior
+### Improved
+- Expanded credential detection for common API key variants (`api_key`, `api-key`, `apikey`) and `Authorization: Bearer ...`
+- Hardened AWS secret key strict detection to reduce false positives while keeping strict mode safe
+### Notes
+- No breaking changes
+- No new features
+- Stability and safety hardening release
+## v0.4.0
+### Changed
+- License updated to Apache-2.0
+- README, website, and blog content aligned to reflect the new license and current project state
+### Notes
+- No engine or CLI behavior changes
+- No breaking changes
+## v0.3.6
+### Fixed
+- `--summary` output now correctly written to stderr (safe for piping & redirects)
+### Improved
+- CLI documentation clarity
+### Notes
+- No breaking changes
+## v0.3.5
+### Fixed
+- Corrected CLI version injection in built CJS output
+- Ensured published npm package reflects actual CLI version
+### Improved
+- Deterministic `--dry-run` report formatting (aligned, CI-safe)
+- Dry-run output now strictly non-contextual and stdout-only
+### Notes
+- No engine or rule behavior changes
+- Pure CLI/build correctness release
+---
+## v0.3.4
+### Fixed
+- README CI badge link on npmjs.com
+---
+## v0.3.3
+### Added
+- `--dry-run` mode to detect secrets without modifying output
+- CI-friendly detection workflow (`--dry-run --fail-on-detect`)
+### Improved
+- CLI UX consistency
+- README documentation clarity
+### Notes
+- No breaking changes
+- Engine behavior unchanged

package/README.md CHANGED Viewed

@@ -4,7 +4,7 @@
 [![npm downloads](https://img.shields.io/npm/dm/logshield-cli)](https://www.npmjs.com/package/logshield-cli)
 [![CI](https://github.com/afria85/LogShield/actions/workflows/ci.yml/badge.svg)](https://github.com/afria85/LogShield/actions/workflows/ci.yml)
-Your logs already contain secrets. You just don’t see them.
+Your logs already contain secrets. You just don't see them.
 LogShield is a small CLI that automatically redacts secrets from logs **before**
 you paste them into CI, GitHub issues, Slack, or send them to third-party support.
@@ -55,22 +55,28 @@ Use LogShield whenever logs leave your system:
 ```bash
 # Preview what would be redacted (does not modify output)
-echo "email=test@example.com token=sk_live_123" | logshield scan --dry-run
+echo "email=test@example.com Authorization: Bearer abcdefghijklmnop" | logshield scan --dry-run
 ```
 ```
 logshield (dry-run)
 Detected 2 redactions:
-  EMAIL               x1
-  STRIPE_SECRET_KEY   x1
+  AUTH_BEARER          x1
+  EMAIL                x1
 No output was modified.
 Use without --dry-run to apply.
 ```
+Notes:
+- The report is printed to stdout
+- No log content is echoed
+- Output is deterministic and CI-safe
 ```bash
 # Enforce redaction (sanitized output)
-echo "email=test@example.com token=sk_live_123" | logshield scan
+echo "email=test@example.com Authorization: Bearer abcdefghijklmnop" | logshield scan
 ```
 - Prefer `--dry-run` first in CI to verify you are not over-redacting.
@@ -140,8 +146,8 @@ Examples:
 ```
 <REDACTED_PASSWORD>
-<REDACTED_API_KEY_HEADER>
-<REDACTED_AUTH_BEARER>
+<REDACTED_API_KEY>
+<REDACTED_TOKEN>
 <REDACTED_EMAIL>
 ```
@@ -247,8 +253,8 @@ cat app.log | logshield scan --dry-run
 ```
 logshield (dry-run)
-Detected 5 redactions:
-  AUTH_BEARER          x2
+Detected 4 redactions:
+  AUTH_BEARER          x1
   EMAIL                x1
   OAUTH_ACCESS_TOKEN   x1
   PASSWORD             x1
@@ -345,10 +351,16 @@ Example:
 ```
 LogShield Summary
-PASSWORD: 2
-API_KEY_HEADER: 1
+  API_KEY_HEADER  x1
+  PASSWORD        x2
 ```
+Notes:
+- Sanitized log output is written to stdout
+- The summary is written to stderr
+- Rules are sorted alphabetically
 ---
 ## JSON output
@@ -362,17 +374,18 @@ logshield scan --json < logs.txt
 Notes:
 - `--json` **cannot** be combined with `--dry-run`
-- Output schema is stable within v0.4.x
+- Usage errors exit with code `2`
+- Output is always newline-terminated
 ---
 ## Exit codes
-| Code | Meaning                              |
-| ---: | ------------------------------------ |
-|    0 | Success / no detection               |
-|    1 | Detection found (`--fail-on-detect`) |
-|    2 | Runtime or input error               |
+| Code | Meaning                                       |
+| ---: | --------------------------------------------- |
+|    0 | Success (detection does not change exit code) |
+|    1 | Detection found (`--fail-on-detect`)          |
+|    2 | Runtime or input error                        |
 ---
@@ -380,13 +393,13 @@ Notes:
 Depending on rules and mode:
-- Passwords
+- Passwords (supports quoted and JSON forms)
 - API key headers
 - Authorization bearer tokens
 - JWTs
 - Emails
 - URLs with embedded credentials
-- Database credentials
+- Database credentials (including redis:// and mssql://)
 - Cloud provider credentials
 - Credit card numbers (Luhn-validated)

package/dist/cli/index.cjs CHANGED Viewed

@@ -87,33 +87,25 @@ __export(summary_exports, {
   printSummary: () => printSummary
 });
 function printSummary(matches) {
-  if (!matches || matches.length === 0) {
-    process.stderr.write("logshield: no redactions detected\n");
+  if (!matches.length) {
+    process.stderr.write("LogShield Summary\n(no redactions detected)\n");
     return;
   }
-  const counter = {};
+  const counts = {};
   for (const m of matches) {
-    counter[m.rule] = (counter[m.rule] || 0) + 1;
+    counts[m.rule] = (counts[m.rule] ?? 0) + 1;
   }
-  const entries = Object.entries(counter).map(([rule, count]) => ({ rule, count })).sort((a, b) => {
-    if (b.count !== a.count) return b.count - a.count;
-    return a.rule.localeCompare(b.rule);
-  });
-  const maxLen = Math.max(...entries.map((e) => e.rule.length));
-  const total = matches.length;
-  const label = total === 1 ? "redaction" : "redactions";
-  process.stderr.write(`logshield summary: ${total} ${label}
+  const rules = Object.keys(counts).sort((a, b) => a.localeCompare(b));
+  const maxNameLen = Math.max(...rules.map((r) => r.length));
+  process.stderr.write("LogShield Summary\n");
+  for (const rule of rules) {
+    const padded = rule.padEnd(maxNameLen, " ");
+    process.stderr.write(`  ${padded}  x${counts[rule]}
 `);
-  for (const { rule, count } of entries) {
-    process.stderr.write(
-      `  ${rule.padEnd(maxLen)}  x${count}
-`
-    );
   }
 }
 var init_summary = __esm({
   "src/cli/summary.ts"() {
-    "use strict";
   }
 });
@@ -208,15 +200,38 @@ var init_credentials = __esm({
         // Examples:
         //   password=secret  -> password=<REDACTED_PASSWORD>
         //   Password : 123   -> Password : <REDACTED_PASSWORD>
-        pattern: /\b(password)(\s*[:=]\s*)([^\s]+)/gi,
-        replace: (_match, _ctx, groups) => `${groups[0]}${groups[1]}<REDACTED_PASSWORD>`
+        // Supports quoted keys/values and JSON forms:
+        //   password="secret value"        -> password="<REDACTED_PASSWORD>"
+        //   "password": "secret value"    -> "password": "<REDACTED_PASSWORD>"
+        // NOTE: for unquoted values, we stop at whitespace and common JSON delimiters.
+        pattern: /\b(["']?password["']?)(\s*[:=]\s*)(?:(["'])([^"'\r\n]*?)\3|([^\s,}\]]+))/gi,
+        replace: (_match, _ctx, groups) => {
+          const key = groups[0];
+          const delim = groups[1];
+          const quote = groups[2];
+          if (quote) {
+            return `${key}${delim}${quote}<REDACTED_PASSWORD>${quote}`;
+          }
+          return `${key}${delim}<REDACTED_PASSWORD>`;
+        }
       },
       // DB URL credential: postgres://user:pass@host
       {
         name: "DB_URL_CREDENTIAL",
-        pattern: /\b(postgres|mysql|mongodb):\/\/([^:\s]+):([^@\s]+)@/gi,
+        // Support the most common DB/cache schemes.
+        // This focuses only on the user:pass@ authority portion.
+        pattern: /\b(postgres(?:ql)?|mysql|mariadb|mongodb(?:\+srv)?|redis|rediss|mssql|sqlserver):\/\/([^:\s]+):([^@\s]+)@/gi,
         replace: (_match, _ctx, groups) => `${groups[0]}://${groups[1]}:<REDACTED_PASSWORD>@`
       },
+      // x-api-key: ....
+      // IMPORTANT: this must run BEFORE the generic API_KEY rule. Otherwise the
+      // generic API_KEY rule can match the "api-key: <value>" substring first and
+      // corrupt the header name (e.g. "x-api-key" -> "x-").
+      {
+        name: "API_KEY_HEADER",
+        pattern: /\bx-api-key\s*:\s*["']?[A-Za-z0-9_\-]{16,}["']?\b/gi,
+        replace: () => "x-api-key: <REDACTED_API_KEY>"
+      },
       /**
        * API key (common variants):
        * - apiKey=...
@@ -224,23 +239,19 @@ var init_credentials = __esm({
        * - api-key: ...
        * - apikey=...
        * Supports '=' or ':' and optional quotes/spaces.
+       *
+       * NOTE:
+       * Do NOT try to handle "Authorization: Bearer ..." here; that causes overlap
+       * with token rules. Token redaction is handled in tokens.ts.
        */
       {
         name: "API_KEY",
-        pattern: /\bapi(?:[_-]?key)\s*[:=]\s*["']?([A-Za-z0-9_\-]{16,})["']?\b/gi,
-        replace: () => "<REDACTED_API_KEY>"
-      },
-      // x-api-key: ....
-      {
-        name: "API_KEY_HEADER",
-        pattern: /\bx-api-key\s*:\s*["']?[A-Za-z0-9_\-]{16,}["']?\b/gi,
-        replace: () => "x-api-key: <REDACTED_API_KEY>"
-      },
-      // authorization: Bearer ...
-      {
-        name: "AUTHORIZATION_BEARER",
-        pattern: /\bauthorization\s*:\s*bearer\s+([A-Za-z0-9._\-]{16,})\b/gi,
-        replace: () => "authorization: Bearer <REDACTED_TOKEN>"
+        // Preserve the key label + delimiter, redact only the value.
+        // Examples:
+        //   api_key=abcdef... -> api_key=<REDACTED_API_KEY>
+        //   api-key: "abcdef..." -> api-key: "<REDACTED_API_KEY>"
+        pattern: /\b(api(?:[_-]?key)\s*[:=]\s*["']?)([A-Za-z0-9_\-]{16,})(["']?)\b/gi,
+        replace: (_match, _ctx, groups) => `${groups[0]}<REDACTED_API_KEY>${groups[2]}`
       }
     ];
   }
@@ -512,7 +523,7 @@ var { printSummary: printSummary2 } = (init_summary(), __toCommonJS(summary_expo
 var { sanitizeLog: sanitizeLog2 } = (init_sanitizeLog(), __toCommonJS(sanitizeLog_exports));
 var rawArgs = process.argv.slice(2).map((arg) => arg === "-h" ? "--help" : arg);
 function getVersion() {
-  return true ? "0.4.2" : "unknown";
+  return true ? "0.4.4" : "unknown";
 }
 function printHelp() {
   process.stdout.write(`Usage: logshield scan [file]
@@ -580,6 +591,10 @@ function renderDryRunReport(matches) {
   process.stdout.write("No output was modified.\n");
   process.stdout.write("Use without --dry-run to apply.\n");
 }
+function exitUsageError(message) {
+  writeErr(message.endsWith("\n") ? message : message + "\n");
+  process.exit(2);
+}
 async function main() {
   if (rawArgs.length === 0 || rawArgs.includes("--help")) {
     printHelp();
@@ -593,8 +608,7 @@ async function main() {
   const { flags, positionals } = parseArgs(rawArgs);
   const command = positionals[0];
   if (command !== "scan") {
-    writeErr("Unknown command\n");
-    process.exit(1);
+    exitUsageError("Unknown command");
   }
   const file = positionals[1];
   const strict = flags.has("--strict");
@@ -606,16 +620,13 @@ async function main() {
   const stdinAuto = isStdinPiped();
   const useStdin = stdinFlag || stdinAuto;
   if (useStdin && file) {
-    writeErr("Cannot read from both STDIN and file\n");
-    process.exit(1);
+    exitUsageError("Cannot read from both STDIN and file");
   }
   if (dryRun && json) {
-    writeErr("--dry-run cannot be used with --json\n");
-    process.exit(1);
+    exitUsageError("--dry-run cannot be used with --json");
   }
   if (json && summary) {
-    writeErr("--summary cannot be used with --json\n");
-    process.exit(1);
+    exitUsageError("--summary cannot be used with --json");
   }
   try {
     const input = await readInput2(useStdin ? void 0 : file);

package/dist/features.jsx CHANGED Viewed

@@ -45,7 +45,7 @@ function FeaturesPage() {
         },
         {
           title: "No Tracking",
-          description: "We use privacy-friendly analytics (Plausible) with no cookies or personal data collection."
+          description: "We use minimal Google Analytics configuration for basic traffic insights."
         }
       ]
     },

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "logshield-cli",
-  "version": "0.4.2",
+  "version": "0.4.4",
   "license": "Apache-2.0",
   "type": "commonjs",
   "bin": {
@@ -20,7 +20,8 @@
     "typecheck": "tsc -p tsconfig.core.json && tsc -p tsconfig.cli.json --noEmit",
     "pretest": "npm run build",
     "test": "vitest",
-    "prepublishOnly": "npm run build"
+    "prepublish:check": "npm run typecheck && npm test",
+    "prepublishOnly": "npm run prepublish:check"
   },
   "devDependencies": {
     "@types/node": "^25.0.3",

package/dist/privacy.html DELETED Viewed

@@ -1,217 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-  <meta charset="UTF-8">
-  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <title>Privacy Policy - LogShield</title>
-  <link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png" />
-  <style>
-    * { margin: 0; padding: 0; box-sizing: border-box; }
-    body {
-      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', 'Roboto', sans-serif;
-      line-height: 1.6;
-      color: #333;
-      background: linear-gradient(to bottom right, #f8fafc, #e0f2fe);
-      min-height: 100vh;
-      padding: 20px;
-    }
-    .container {
-      max-width: 800px;
-      margin: 0 auto;
-      background: white;
-      padding: 40px;
-      border-radius: 12px;
-      box-shadow: 0 4px 6px rgba(0,0,0,0.1);
-    }
-    .back-button {
-      display: inline-flex;
-      align-items: center;
-      gap: 8px;
-      padding: 10px 20px;
-      background: #3b82f6;
-      color: white;
-      text-decoration: none;
-      border-radius: 6px;
-      font-size: 14px;
-      font-weight: 500;
-      transition: background 0.2s;
-      margin-bottom: 30px;
-    }
-    .back-button:hover { background: #2563eb; }
-    h1 { color: #1e40af; font-size: 32px; margin-bottom: 10px; }
-    .last-updated { color: #6b7280; font-size: 14px; margin-bottom: 30px; }
-    h2 { color: #3b82f6; font-size: 24px; margin: 30px 0 15px; }
-    h3 { font-size: 18px; color: #1f2937; margin: 20px 0 10px; }
-    p, li { margin-bottom: 15px; color: #4b5563; }
-    ul { margin-left: 30px; }
-    strong { color: #1f2937; }
-    .highlight { background: #fef3c7; padding: 15px; border-left: 4px solid #f59e0b; margin: 20px 0; border-radius: 4px; }
-    .entity-info { background: #f0f9ff; padding: 15px; border-left: 4px solid #3b82f6; margin: 20px 0; border-radius: 4px; }
-    @media (max-width: 768px) {
-      .container { padding: 20px; }
-      h1 { font-size: 24px; }
-      h2 { font-size: 20px; }
-    }
-  </style>
-</head>
-<body>
-  <div class="container">
-    <a href="/" class="back-button">
-      <svg width="16" height="16" viewBox="0 0 16 16" fill="none">
-        <path d="M10 12L6 8L10 4" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
-      </svg>
-      Back to LogShield
-    </a>
-    <h1>Privacy Policy</h1>
-    <p class="last-updated"><strong>Last updated:</strong> December 10, 2025</p>
-    <!-- CRITICAL: Entity Information for Paddle -->
-    <div class="entity-info">
-      <strong>Data Controller:</strong> This Privacy Policy describes how <strong>Hendra Afria</strong>, operating as <strong>LogShield</strong>, collects, uses, and protects your information when you use our log sanitization service.
-    </div>
-    <div class="highlight">
-      <strong>&#128274; Privacy First:</strong> LogShield processes all your log data entirely in your browser. We never see, store, or transmit your sensitive data to our servers.
-    </div>
-    <h2>1. Information We Collect</h2>
-    <h3>a) Account Information</h3>
-    <ul>
-      <li>Email address (for account creation and communication)</li>
-      <li>Display name (optional)</li>
-      <li>Payment information (processed securely by Paddle, we never see full card details)</li>
-    </ul>
-    <h3>b) Usage Data</h3>
-    <ul>
-      <li>Anonymous analytics via Plausible (privacy-friendly, GDPR-compliant)</li>
-      <li>Feature usage statistics (aggregated, non-identifying)</li>
-      <li>Error logs for debugging (no personal data included)</li>
-    </ul>
-    <h3>c) What We DON'T Collect</h3>
-    <ul>
-      <li><strong>Your log data</strong> - processed 100% client-side in your browser</li>
-      <li><strong>Tracking cookies</strong> - we don't use them</li>
-      <li><strong>Browsing history</strong></li>
-      <li><strong>Device fingerprints</strong></li>
-    </ul>
-    <h2>2. How We Use Your Information</h2>
-    <p>We use collected information solely to:</p>
-    <ul>
-      <li>Provide and improve the Service</li>
-      <li>Process payments and manage subscriptions</li>
-      <li>Send important service updates and security alerts</li>
-      <li>Respond to support requests</li>
-      <li>Analyze usage patterns (anonymously) to improve features</li>
-    </ul>
-    <h2>3. Client-Side Processing</h2>
-    <p><strong>This is our core privacy commitment:</strong></p>
-    <p>All log sanitization happens entirely in your browser using JavaScript. When you paste or upload logs:</p>
-    <ul>
-      <li>&#x2705; Data stays in your browser's memory</li>
-      <li>&#x2705; Sanitization patterns are applied locally</li>
-      <li>&#x2705; No network transmission of your log content</li>
-      <li>&#x2705; No server-side storage of your logs</li>
-      <li>&#x2705; Data cleared when you close the tab</li>
-    </ul>
-    <h2>4. Third-Party Services</h2>
-    <h3>Paddle (Payment Processing)</h3>
-    <ul>
-      <li>Handles all payment transactions</li>
-      <li>PCI-DSS Level 1 compliant</li>
-      <li>We never see your full credit card details</li>
-      <li>Privacy policy: <a href="https://paddle.com/privacy" style="color: #3b82f6;">paddle.com/privacy</a></li>
-    </ul>
-    <h3>Plausible Analytics</h3>
-    <ul>
-      <li>Privacy-friendly, GDPR-compliant analytics</li>
-      <li>No cookies, no personal data collection</li>
-      <li>Only tracks aggregated page views and referrers</li>
-      <li>Open source: <a href="https://plausible.io" style="color: #3b82f6;">plausible.io</a></li>
-    </ul>
-    <h3>Vercel (Hosting)</h3>
-    <ul>
-      <li>Hosts our website infrastructure</li>
-      <li>Standard server logs only (IP, user agent, timestamp)</li>
-      <li>Privacy policy: <a href="https://vercel.com/legal/privacy-policy" style="color: #3b82f6;">vercel.com/legal/privacy-policy</a></li>
-    </ul>
-    <h2>5. Data Storage and Security</h2>
-    <p><strong>What we store:</strong></p>
-    <ul>
-      <li>Account details (encrypted at rest)</li>
-      <li>Subscription status</li>
-      <li>User preferences (in browser localStorage)</li>
-    </ul>
-    <p><strong>What we don't store:</strong></p>
-    <ul>
-      <li>Your log content</li>
-      <li>Sanitized output</li>
-      <li>Custom patterns you create</li>
-    </ul>
-    <h2>6. Your Rights (GDPR & CCPA)</h2>
-    <p>You have the right to:</p>
-    <ul>
-      <li><strong>Access:</strong> Request a copy of your data</li>
-      <li><strong>Rectification:</strong> Correct inaccurate information</li>
-      <li><strong>Erasure:</strong> Request account and data deletion</li>
-      <li><strong>Data Portability:</strong> Download your data in portable format</li>
-      <li><strong>Object:</strong> Object to data processing</li>
-      <li><strong>Withdraw Consent:</strong> Opt-out of marketing emails anytime</li>
-    </ul>
-    <p>To exercise these rights, email: <strong><a href="mailto:hello@logshield.dev" style="color: inherit; text-decoration: none;">hello@logshield.dev</a></strong></p>
-    <h2>7. Data Retention</h2>
-    <ul>
-      <li>Account data: Retained while account is active</li>
-      <li>After deletion: Permanently removed within 30 days</li>
-      <li>Backups: Deleted from backups within 90 days</li>
-      <li>Legal requirements: Retained only if mandated by law</li>
-    </ul>
-    <h2>8. Cookies</h2>
-    <p>We use minimal, essential cookies only:</p>
-    <ul>
-      <li><strong>Authentication cookie:</strong> Keeps you logged in (httpOnly, secure)</li>
-      <li><strong>Preferences:</strong> Stored in localStorage (not transmitted to servers)</li>
-      <li><strong>No tracking or advertising cookies</strong></li>
-    </ul>
-    <h2>9. International Data Transfers</h2>
-    <p>LogShield operates globally. Your account data may be processed in:</p>
-    <ul>
-      <li>Indonesia (primary business location)</li>
-      <li>Germany (development)</li>
-      <li>United States (hosting via Vercel)</li>
-    </ul>
-    <p>We ensure adequate safeguards for international transfers per GDPR Article 46.</p>
-    <h2>10. Children's Privacy</h2>
-    <p>LogShield is not intended for users under 13 years of age. We do not knowingly collect information from children. If you believe we have collected data from a child, please contact us immediately for removal.</p>
-    <h2>11. Changes to This Policy</h2>
-    <p>We may update this Privacy Policy periodically. We will notify you of significant changes via email or prominent notice on the Service. Continued use after changes constitutes acceptance of the updated policy.</p>
-    <h2>12. Contact Us</h2>
-    <p>Questions or concerns about privacy?</p>
-    <p><strong>Email:</strong> <a href="mailto:hello@logshield.dev" style="color: inherit;">hello@logshield.dev</a></p>
-    <p><strong>Response time:</strong> Within 48 hours</p>
-    <p><strong>Website:</strong> <a href="https://logshield.dev" style="color: inherit;">https://logshield.dev</a></p>
-    <div style="margin-top: 40px; padding-top: 20px; border-top: 1px solid #e5e7eb;">
-      <a href="/" class="back-button">Back to LogShield</a>
-    </div>
-  </div>
-</body>
-</html>

package/dist/refund.html DELETED Viewed

@@ -1,221 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-  <meta charset="UTF-8">
-  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <title>Refund Policy - LogShield</title>
-  <link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png" />
-  <style>
-    * { margin: 0; padding: 0; box-sizing: border-box; }
-    body {
-      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', 'Roboto', sans-serif;
-      line-height: 1.6;
-      color: #333;
-      background: linear-gradient(to bottom right, #f8fafc, #e0f2fe);
-      min-height: 100vh;
-      padding: 20px;
-    }
-    .container {
-      max-width: 800px;
-      margin: 0 auto;
-      background: white;
-      padding: 40px;
-      border-radius: 12px;
-      box-shadow: 0 4px 6px rgba(0,0,0,0.1);
-    }
-    .back-button {
-      display: inline-flex;
-      align-items: center;
-      gap: 8px;
-      padding: 10px 20px;
-      background: #3b82f6;
-      color: white;
-      text-decoration: none;
-      border-radius: 6px;
-      font-size: 14px;
-      font-weight: 500;
-      transition: background 0.2s;
-      margin-bottom: 30px;
-    }
-    .back-button:hover { background: #2563eb; }
-    h1 { color: #1e40af; font-size: 32px; margin-bottom: 10px; }
-    .last-updated { color: #6b7280; font-size: 14px; margin-bottom: 30px; }
-    h2 { color: #3b82f6; font-size: 24px; margin: 30px 0 15px; }
-    h3 { font-size: 18px; color: #1f2937; margin: 20px 0 10px; }
-    p, li { margin-bottom: 15px; color: #4b5563; }
-    ul, ol { margin-left: 30px; }
-    strong { color: #1f2937; }
-    .guarantee-box { background: #d1fae5; padding: 20px; border-left: 4px solid #10b981; margin: 20px 0; border-radius: 4px; }
-    .entity-info { background: #f0f9ff; padding: 15px; border-left: 4px solid #3b82f6; margin: 20px 0; border-radius: 4px; }
-    @media (max-width: 768px) {
-      .container { padding: 20px; }
-      h1 { font-size: 24px; }
-      h2 { font-size: 20px; }
-    }
-  </style>
-</head>
-<body>
-  <div class="container">
-    <a href="/" class="back-button">
-      <svg width="16" height="16" viewBox="0 0 16 16" fill="none">
-        <path d="M10 12L6 8L10 4" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
-      </svg>
-      Back to LogShield
-    </a>
-    <h1>Refund Policy</h1>
-    <p class="last-updated"><strong>Last updated:</strong> December 10, 2025</p>
-    <!-- CRITICAL: Entity Information for Paddle -->
-    <div class="entity-info">
-      <strong>Refund Provider:</strong> This refund policy applies to all paid subscriptions for LogShield, a service operated by <strong>Hendra Afria</strong> ("LogShield", "we", "us", or "our").
-    </div>
-    <div class="guarantee-box">
-      <h2 style="margin-top: 0; color: #065f46;">&#x1F49A; 14-Day Money-Back Guarantee</h2>
-      <p style="margin-bottom: 0; color: #047857;">We're confident you'll love LogShield. If you're not satisfied for any reason, we offer a full refund within 14 days of purchase?no questions asked.</p>
-    </div>
-    <h2>1. Refund Eligibility</h2>
-    <h3>&#x2705; Eligible for Full Refund:</h3>
-    <ul>
-      <li>Refund requests made within <strong>14 days</strong> of purchase</li>
-      <li>First-time LogShield subscription (new customers)</li>
-      <li>Technical issues preventing service use</li>
-      <li>Service not functioning as described</li>
-      <li>Accidental duplicate purchases</li>
-      <li>General dissatisfaction with the service</li>
-    </ul>
-    <h3>&#x274C; Not Eligible for Refund:</h3>
-    <ul>
-      <li>Refund requests after <strong>14 days</strong> of purchase</li>
-      <li>Violations of our Terms of Service</li>
-      <li>Abusive or fraudulent use of the service</li>
-      <li>Lifetime licenses after <strong>30 days</strong> of purchase</li>
-      <li>Subscription renewal charges (must cancel before renewal date)</li>
-    </ul>
-    <h2>2. How to Request a Refund</h2>
-    <p>To request a refund, please follow these steps:</p>
-    <ol>
-      <li><strong>Email us:</strong> <a href="mailto:hello@logshield.dev" style="color: inherit;">hello@logshield.dev</a></li>
-      <li><strong>Subject line:</strong> "Refund Request - [Your Order Number]"</li>
-      <li><strong>Include in your email:</strong>
-        <ul style="margin-top: 10px;">
-          <li>Order number or transaction ID</li>
-          <li>Email address used for purchase</li>
-          <li>Brief reason for refund (optional but appreciated)</li>
-        </ul>
-      </li>
-      <li><strong>Our response:</strong> Within 24 hours</li>
-      <li><strong>Refund processing:</strong> 5-7 business days after approval</li>
-    </ol>
-    <h2>3. Refund Processing Timeline</h2>
-    <ul>
-      <li><strong>Initial response:</strong> Within 24 hours of your request</li>
-      <li><strong>Approval decision:</strong> Usually immediate (within 14-day window)</li>
-      <li><strong>Refund processing:</strong> 5-7 business days</li>
-      <li><strong>Credit to account:</strong> Refunded to original payment method</li>
-      <li><strong>Bank processing:</strong> Additional 3-5 business days (varies by bank)</li>
-    </ul>
-    <h2>4. Subscription Cancellation</h2>
-    <p>You can cancel your LogShield subscription at any time:</p>
-    <ul>
-      <li><strong>How to cancel:</strong> Account settings ? Subscription ? Cancel Subscription</li>
-      <li><strong>Effect:</strong> No future charges will be made</li>
-      <li><strong>Access:</strong> Service continues until end of current billing period</li>
-      <li><strong>Data retention:</strong> Account data retained for 30 days, then permanently deleted</li>
-    </ul>
-    <p><strong>Important:</strong> Cancellation does not automatically trigger a refund. To receive a refund for your current billing period, you must request it within 14 days of purchase using the process above.</p>
-    <h2>5. Special Cases</h2>
-    <h3>Lifetime License</h3>
-    <ul>
-      <li><strong>Refund window:</strong> 30 days from purchase (extended from standard 14 days)</li>
-      <li><strong>After 30 days:</strong> Non-refundable</li>
-      <li><strong>Rationale:</strong> One-time purchases are final after the extended trial period</li>
-    </ul>
-    <h3>Team Plans</h3>
-    <ul>
-      <li>Same 14-day refund window applies</li>
-      <li>Refund covers the entire team subscription</li>
-      <li>All team members will lose access upon refund</li>
-    </ul>
-    <h3>Annual Subscriptions</h3>
-    <ul>
-      <li>14-day full refund from original purchase date</li>
-      <li>After 14 days: No refund available, but can cancel to prevent next year's charge</li>
-    </ul>
-    <h3>Promotional Discounts</h3>
-    <ul>
-      <li>Refund amount: The actual amount you paid (after discount applied)</li>
-      <li>Discount codes cannot be reused after refund is processed</li>
-    </ul>
-    <h2>6. Partial Refunds</h2>
-    <p>We may offer partial refunds in exceptional circumstances:</p>
-    <ul>
-      <li>Extended service downtime (>24 consecutive hours)</li>
-      <li>Critical feature unavailability affecting your use case</li>
-      <li>Pro-rated refund for unused subscription time (evaluated case-by-case)</li>
-    </ul>
-    <p>Contact us at hello@logshield.dev to discuss partial refund eligibility.</p>
-    <h2>7. Chargebacks</h2>
-    <p><strong>Please contact us before filing a chargeback with your bank.</strong></p>
-    <ul>
-      <li>Chargebacks result in immediate account termination</li>
-      <li>We're committed to resolving refund issues fairly and quickly</li>
-      <li>Most refund requests are approved within hours during the eligible period</li>
-      <li>Chargebacks incur additional processing fees we must pay to payment processors</li>
-    </ul>
-    <p>We value your satisfaction and will work with you to resolve any billing concerns.</p>
-    <h2>8. Our Refund Commitment</h2>
-    <p><strong>This is our core commitment to you:</strong></p>
-    <p>We strive to make our refund process as transparent and straightforward as possible:</p>
-    <ul>
-      <li><strong>Transparency:</strong> Clear eligibility criteria and timelines</li>
-      <li><strong>Fairness:</strong> Consistent application of policy to all customers</li>
-      <li><strong>Communication:</strong> Regular updates throughout the refund process</li>
-      <li><strong>Respect:</strong> Courteous treatment of all refund requests</li>
-    </ul>
-    <p>Our goal is your satisfaction. If LogShield isn't the right fit for your needs, we'll process your refund promptly and without unnecessary obstacles.</p>
-    <h2>9. Policy Updates</h2>
-    <p>We may update this Refund Policy periodically. We will notify you of significant changes via email or prominent notice on the Service. Continued use after changes constitutes acceptance of the updated policy.</p>
-    <ul>
-      <li>Minor updates: Posted on our website with updated "Last updated" date</li>
-      <li>Major updates: Notified via email 30 days before changes take effect</li>
-      <li>Existing customers: Refund requests are processed under the policy in effect at time of purchase</li>
-    </ul>
-    <h2>10. Governing Law</h2>
-    <p>This Refund Policy is governed by and construed in accordance with the laws of <strong>Indonesia</strong>, without regard to its conflict of law principles. Any disputes arising from refund requests shall be subject to the exclusive jurisdiction of the courts located in <strong>Jakarta, Indonesia</strong>.</p>
-    <p>For customers in the European Union, this policy is without prejudice to any mandatory statutory rights you may have under applicable consumer protection laws.</p>
-    <h2>11. Contact Us</h2>
-    <p>Questions or concerns about refunds?</p>
-    <p><strong>Email:</strong> <a href="mailto:hello@logshield.dev" style="color: inherit;">hello@logshield.dev</a></p>
-    <p><strong>Response time:</strong> Within 24 hours</p>
-    <p><strong>Website:</strong> <a href="https://logshield.dev" style="color: inherit;">https://logshield.dev</a></p>
-    <div style="margin-top: 40px; padding-top: 20px; border-top: 1px solid #e5e7eb;">
-      <a href="/" class="back-button">
-        <svg width="16" height="16" viewBox="0 0 16 16" fill="none">
-          <path d="M10 12L6 8L10 4" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
-        </svg>
-        Back to LogShield
-      </a>
-    </div>
-  </div>
-</body>
-</html>

package/dist/terms.html DELETED Viewed

@@ -1,140 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-  <meta charset="UTF-8">
-  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <title>Terms of Service - LogShield</title>
-  <link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png" />
-  <style>
-    * { margin: 0; padding: 0; box-sizing: border-box; }
-    body {
-      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', 'Roboto', sans-serif;
-      line-height: 1.6;
-      color: #333;
-      background: linear-gradient(to bottom right, #f8fafc, #e0f2fe);
-      min-height: 100vh;
-      padding: 20px;
-    }
-    .container {
-      max-width: 800px;
-      margin: 0 auto;
-      background: white;
-      padding: 40px;
-      border-radius: 12px;
-      box-shadow: 0 4px 6px rgba(0,0,0,0.1);
-    }
-    .back-button {
-      display: inline-flex;
-      align-items: center;
-      gap: 8px;
-      padding: 10px 20px;
-      background: #3b82f6;
-      color: white;
-      text-decoration: none;
-      border-radius: 6px;
-      font-size: 14px;
-      font-weight: 500;
-      transition: background 0.2s;
-      margin-bottom: 30px;
-    }
-    .back-button:hover { background: #2563eb; }
-    h1 { color: #1e40af; font-size: 32px; margin-bottom: 10px; }
-    .last-updated { color: #6b7280; font-size: 14px; margin-bottom: 30px; }
-    h2 { color: #3b82f6; font-size: 24px; margin: 30px 0 15px; }
-    p, li { margin-bottom: 15px; color: #4b5563; }
-    ul { margin-left: 30px; }
-    strong { color: #1f2937; }
-    .entity-info { background: #f0f9ff; padding: 15px; border-left: 4px solid #3b82f6; margin: 20px 0; border-radius: 4px; }
-    @media (max-width: 768px) {
-      .container { padding: 20px; }
-      h1 { font-size: 24px; }
-      h2 { font-size: 20px; }
-    }
-  </style>
-</head>
-<body>
-  <div class="container">
-    <a href="/" class="back-button">
-      <svg width="16" height="16" viewBox="0 0 16 16" fill="none">
-        <path d="M10 12L6 8L10 4" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
-      </svg>
-      Back to LogShield
-    </a>
-    <h1>Terms of Service</h1>
-    <p class="last-updated"><strong>Last updated:</strong> December 10, 2025</p>
-    <!-- CRITICAL: Entity Information for Paddle -->
-    <div class="entity-info">
-      <strong>Service Provider:</strong> These Terms of Service govern your use of LogShield, a log sanitization service operated by <strong>Hendra Afria</strong> ("LogShield", "we", "us", or "our").
-    </div>
-    <h2>1. Agreement to Terms</h2>
-    <p>By accessing and using LogShield ("the Service"), you agree to be bound by these Terms of Service. If you do not agree to these terms, please do not use the Service.</p>
-    <h2>2. Service Description</h2>
-    <p>LogShield provides a browser-based log sanitization service that removes sensitive data from text, including but not limited to API keys, tokens, credentials, personally identifiable information (PII), and other security patterns.</p>
-    <h2>3. Use License</h2>
-    <p>Subject to your compliance with these Terms, LogShield grants you a personal, non-exclusive, non-transferable, revocable license to use the Service for your personal or internal business purposes.</p>
-    <h2>4. User Responsibilities</h2>
-    <p>You agree to:</p>
-    <ul>
-      <li>Provide accurate account information</li>
-      <li>Maintain the security of your account credentials</li>
-      <li>Be responsible for all activities under your account</li>
-      <li>Not use the Service for illegal purposes</li>
-      <li>Not attempt to bypass usage limitations or restrictions</li>
-      <li>Not reverse engineer, decompile, or attempt to extract source code</li>
-    </ul>
-    <h2>5. Payment Terms</h2>
-    <p>Paid subscriptions are billed in advance on a monthly or annual basis through our payment processor (Paddle). All fees are in USD and are non-refundable except as described in our <a href="/refund.html" style="color: #3b82f6; text-decoration: underline;">Refund Policy</a>.</p>
-    <p><strong>Subscription Plans:</strong></p>
-    <ul>
-      <li>Starter: $7/month</li>
-      <li>Pro: $19/month</li>
-      <li>Team: $79/month (5 seats)</li>
-      <li>Lifetime: $199 one-time payment</li>
-    </ul>
-    <h2>6. Refund Policy</h2>
-    <p>We offer a 14-day money-back guarantee for all new subscriptions. For complete details, please see our <a href="/refund.html" style="color: #3b82f6; text-decoration: underline;">Refund Policy</a>.</p>
-    <h2>7. Privacy and Data Processing</h2>
-    <p><strong>Important:</strong> LogShield processes all log data entirely client-side in your browser. We never see, store, or transmit your log content to our servers. For details on account data and analytics, see our <a href="/privacy.html" style="color: #3b82f6; text-decoration: underline;">Privacy Policy</a>.</p>
-    <h2>8. Cancellation and Termination</h2>
-    <p>You may cancel your subscription at any time through your account settings. Your access will continue until the end of your current billing period. We reserve the right to suspend or terminate accounts that violate these Terms.</p>
-    <h2>9. Modifications to Service</h2>
-    <p>We reserve the right to modify, suspend, or discontinue any part of the Service at any time with reasonable notice. We will not be liable for any modification, suspension, or discontinuance of the Service.</p>
-    <h2>10. Intellectual Property</h2>
-    <p>The Service, including its software, design, and content (excluding user-generated content), is owned by LogShield and protected by international copyright, trademark, and other intellectual property laws. The core sanitization patterns are available as open source under the MIT license.</p>
-    <h2>11. Disclaimer of Warranties</h2>
-    <p>THE SERVICE IS PROVIDED "AS IS" WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.</p>
-    <h2>12. Limitation of Liability</h2>
-    <p>IN NO EVENT SHALL LOGSHIELD BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES ARISING FROM YOUR USE OF OR INABILITY TO USE THE SERVICE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.</p>
-    <h2>13. Governing Law and Jurisdiction</h2>
-    <p>These Terms are governed by and construed in accordance with the laws of Indonesia. Any disputes shall be resolved in the courts of Indonesia.</p>
-    <h2>14. Changes to Terms</h2>
-    <p>We may update these Terms from time to time. We will notify users of significant changes via email or through the Service. Your continued use after changes constitutes acceptance of the modified Terms.</p>
-    <h2>15. Contact Information</h2>
-    <p>For questions about these Terms of Service:</p>
-    <p><strong>Email:</strong> <a href="mailto:hello@logshield.dev" style="color: inherit;">hello@logshield.dev</a></p>
-    <p><strong>Website:</strong> <a href="https://logshield.dev" style="color: inherit;">https://logshield.dev</a></p>
-    <div style="margin-top: 40px; padding-top: 20px; border-top: 1px solid #e5e7eb;">
-      <a href="/" class="back-button">Back to LogShield</a>
-    </div>
-  </div>
-</body>
-</html>