- Blog listing page with hero, responsive grid, tag filters, load more
- Blog post page with markdown rendering, related posts, social share
- Ads landing page with conversion copy, pricing, FAQ, testimonials
- Dashboard shell with sidebar, topbar, stat cards, activity feed
- Dashboard components: Sidebar, TopBar, StatCard, ActivityFeed, QuickActions
- Comprehensive test suite covering all pages and components
- Create stub auth API (lib/auth.ts) with simulated delay
- Add PasswordInput component with visibility toggle
- Add SocialAuthButtons component (Google/Apple placeholders)
- Add AuthLayout with split-panel layout and rotating testimonial
- Implement login page with email/password validation and remember me
- Implement signup page with password strength indicator and ToS checkbox
- Implement forgot-password page with email submission and success state
- Implement reset-password page with token validation from query params
- Implement 4-step onboarding flow (plan selection, watchlist, invites, success)
- Add ToastProvider to root app
- Write 28 tests for all auth components and form validation
- Wrap hero headline in Typewriter with 50cps speed, 400ms delay
- Preserves gradient text effect on 'Identity Protection' span
- Update README task 03 to list Typewriter as a UI primitive
- HowItWorksSection: 3-step staggered timeline with gradient circles
- FeaturesGridSection: 6-card responsive grid (DarkWatch, VoicePrint, SpamShield, HomeTitle, RemoveBrokers, Family Plans)
- ForUsersSection: Split panel for Individuals and Families with checkmark lists
- WhyShieldAISection: 3 value prop cards (Proactive, AI-Powered, Privacy First)
- CTABannerSection: Final CTA with Create Account and Sign In buttons
- Updated routes/index.tsx with clip-path polygon transitions between sections
- Added 49 unit tests for all new sections
- Convert theme to SolidJS Context/Provider pattern (ThemeProvider)
- Extract createThemeState() for testability without context
- Add Typewriter component with character-by-character reveal
- Animate ThemeToggle with Typewriter label and hover scale
- Add cursor CSS animations (typewriter-blink, cursor-typing, cursor-block)
- Fix background color transition by using 'all' on :root
- Rename theme.ts -> theme.tsx for JSX support
- All 26 theme tests passing
- Navbar: responsive nav with ShieldAI logo, nav links, auth buttons,
mobile hamburger menu, theme toggle, scroll-aware glass effect
- Footer: multi-column responsive layout with product/company/resources/
legal links, social icons, copyright bar
- PageContainer: centered wrapper with max-w-7xl and responsive padding
- AppShell: root layout composing Navbar + main + Footer with dot-grid
background and MetaProvider
- useAuth stub hook for future auth integration (task 23)
- Wire AppShell into app.tsx as Router root
- Unit tests for PageContainer and useAuth
- Add @property declarations for all 28 animatable color tokens ensuring
smooth 500ms transitions between light/dark modes
- Remove invalid @theme block from inside @media (prefers-color-scheme: dark)
that was causing Tailwind v4 to use dark values as defaults
- Add FOUC-prevention inline script in entry-server.tsx that applies
theme class before first paint
- Integrate useTheme() hook in app.tsx for meta theme-color updates
and system preference change listener
- Add cn() utility for class merging in lib/utils.ts
- Button: primary/secondary/ghost/danger variants, sm/md/lg sizes, disabled/loading states
- Card: gradient-card background with optional header/footer slots
- Input: text/email/password/number types with label, error, helper text, focus ring
- Badge: default/success/warning/error/info variants
- Modal: Portal-based dialog with focus trap, ESC/backdrop close, animations
- Toast: ToastProvider context with show/dismiss/auto-dismiss and variant support
- Barrel export via index.ts
- 46 unit tests across all primitives
- Configure vitest with vite-plugin-solid for JSX support
- Archive legacy packages/, services/, server/ directories
- Update pnpm workspace to web + browser-ext
- Simplify root package.json scripts to delegate to web/
- Update turbo.json for new workspace structure
- Remove obsolete root config files (vite, tsconfig, etc.)
- Add .nvmrc, .editorconfig for consistent dev environment
- Update CI workflow to remove references to deleted packages
- Add missing dependencies (@tailwindcss/vite, tailwindcss) to web
- Add test and lint scripts to web package
- Verify pnpm install, build, and dev work correctly
CRITICAL:
- SEC-001: Auth tokens now stored in SecureStore (Keychain/Keystore)
- SEC-002: Biometric bypass removed - alerts user and disables when unavailable
HIGH:
- SEC-003: Push projectId moved to EXPO_PUBLIC_EAS_PROJECT_ID env var
- SEC-004: Token refresh mechanism added with refreshSession/hydrateTokens
- SEC-005: debug already gated on __DEV__ (confirmed)
MEDIUM:
- SEC-006: All PII stores (darkwatch, voiceprint, spamshield, settings, auth) now use encrypted AsyncStorage
- SEC-007: Certificate pinning documented with TODO for production
- SEC-008: Login brute force protection: 5 attempts then 5-minute lockout
LOW:
- SEC-009: Watch list input validation with format checks per entity type
- SEC-010: Upgrade Plan button shows billing coming soon alert
P0: Fix validation bypass - validated properties now override raw properties
P1: Add unit tests for shared-analytics package (3 test files)
P1: Refactor spamshield to use shared-analytics, deprecate duplicate
P2: Normalize phone numbers to E.164 before hashing
P2: Add graceful error handling for missing env vars in config
P3: Add singleton pattern to MixpanelService
P3: Include timestamp in validated properties schema
- Create eas.json with development, preview, and production build profiles
- Add submit configuration for iOS App Store and Google Play
- Create app store metadata with listing copy, keywords, and requirements
- Add screenshot capture guides for iOS and Android
- Add marketing asset directory structure
P0 fixes:
- Replace crypto.randomUUID() with uuid v4 (not available in RN)
- Replace Platform.Version with expo-device osVersion
- Fix auth navigation types, remove unused App route
P1 fixes:
- Push notification handler respects user preferences (useRef pattern)
- Fix stale closure: use zustand subscribe + useRef for live preferences
- Add retry logging for device registration failures
- Replace emoji tab icons with @expo/vector-icons Ionicons
- Document API integration TODOs in all local-only stores
P2 fixes:
- Add __DEV__ global declaration (global.d.ts)
- Fix package.json main field to expo/AppEntry.js
- Add retry logging for push device registration
- Add z-index/elevation to LoadingOverlay
- Add visual indicator to EmptyState icon
P3 fixes:
- Type navigation with NavigationProp<RootStackParamList>
- Move getSeverityColor to theme.ts (single source of truth)
- Add useMemo for SpamShield filter computations
- Verified usesNonExemptEncryption: false is correct for expo-secure-store
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Add isValidReturnUrl validation at route level for fast rejection
- Add defense-in-depth validation in BillingService.createCustomerPortalSession
- Fix isValidReturnUrl bug: origin comparison was never reached due to
incorrect protocol check, allowing substring attacks (e.g., app.shieldai.com.evil.com)
- Export isValidReturnUrl from shared-billing package index
- Add unit tests for all attack vectors
Files changed:
- packages/api/src/routes/subscription.routes.ts
- packages/shared-billing/src/services/billing.service.ts
- packages/shared-billing/src/config/billing.config.ts
- packages/shared-billing/src/index.ts
- packages/shared-billing/src/__tests__/billing.config.test.ts
P0 fixes:
- Add CANCELLED status to RemovalStatus enum (types + Prisma schema)
- Use CANCELLED instead of REJECTED for user-initiated cancellations
- Add null guard for req.broker?.name in GET /request/:id
- Remove unsafe 'as any' casts in RemoveBrokersService.ts
- Add type-safe toPersonalInfo() validator for JSON deserialization
- Type RemovalRequestWithBroker properly in getRemovalStatus()
- Fix alert: any to NormalizedAlertInput in BrokerAlertPipeline
P1 fixes:
- Fix admin role check: remove non-existent 'admin', only check 'support'
- Fix BrokerDefinition.category type from string to BrokerCategory
- Add complete OpenAPI spec for all removebrokers routes and schemas
- Fix Prisma enum casing: snake_case -> UPPERCASE to match TypeScript types
- Add admin auth guard on POST /process endpoint (P0 security)
- Fix DELETE /request/:id to return valid enum status (REJECTED not cancelled)
- Fix brokerName bug: was set to brokerId, now resolves actual broker name
- Add missing BrokerCategory enum export to types package
- Add HOME_TITLE to AlertSource enum
- Replace unsafe 'as any' casts with proper enum imports
- Fix broker ID with space (familytree Now -> familytreenow)
- Add missing Prisma relation fields for RemovalRequest and BrokerListing
- Add FALSE_POSITIVE to CorrelationStatus enum
Co-Authored-By: Paperclip <noreply@paperclip.ing>
New service for helping clients remove personal listings from data broker sites.
Service features:
- BrokerRegistry: Catalog of 20+ data brokers with removal methods
- RemoveBrokersService: Core service for scanning, creating removal requests,
submitting removals, and verifying completions
- RemoveBrokersScheduler: Automated processing of pending removals and
verification of completed removals
- BrokerAlertPipeline: Alert integration for listing discoveries and removal status
API endpoints (/removebrokers):
- GET /brokers - List available data brokers
- GET /status - Get removal request status and stats
- POST /scan - Scan for personal listings across brokers
- POST /request - Create a new removal request
- GET /request/:id - Get specific removal request details
- DELETE /request/:id - Cancel a removal request
- POST /process - Trigger processing of pending removals
- POST /verify/:id - Manually verify a removal completion
DB models: InfoBroker, RemovalRequest, BrokerListing
Types: BrokerStatus, RemovalStatus, RemovalMethod, and related interfaces
- Make verifyCustomerOwnership public in BillingService
- Add ownership verification before fetching invoice history
- Returns 403 if customerId does not belong to authenticated user
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- ATTOM Property API integration for structured property data
- USPS address standardization via API
- County clerk/recorder feed scraping for deed changes and liens
- Rate limiting, caching, and retry logic
- Unit tests for each data source adapter
- PropertyRecord, CountyDeedRecord, DataSourceType types in types.ts
- Consolidated type exports in index.ts
Co-Authored-By: Paperclip <noreply@paperclip.ing>
WebhookService.constructEvent now reads from config.stripe.webhookSecret
instead of process.env.STRIPE_WEBHOOK_SECRET, matching BillingService.handleWebhook.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Replace in-memory Map<string, number> with Redis-based idempotency
using setIfNotExists (NX) for distributed multi-instance deployments.
Removes cleanupOldEvents (no longer needed with Redis TTL).
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Add MIXPANEL_TOKEN, MIXPANEL_API_SECRET, ANALYTICS_ENV to .env.example
- Add packages/web/.env.example with VITE_MIXPANEL_TOKEN and other analytics vars
- Update docs/MIXPANEL_ANALYTICS.md with complete setup instructions
- Document event taxonomy (30+ events across User, Subscription, DarkWatch, VoicePrint, SpamShield)
- Add KPI definitions (MAU, MRR, conversion, churn, CAC, LTV, NPS, viral coefficient)
- Include integration examples for backend and frontend usage
- Document alert thresholds for monitoring
Implementation was already complete in packages/shared-analytics and packages/web.
This completes the configuration and documentation for Mixpanel setup.
FRE-5281
- Added @shieldai/shared-notifications, bullmq, ioredis deps to API
- POST /api/waitlist/signup now sends waitlist_confirmation email via EmailService
- Schedules welcome sequence (day1 intro, day3 features, day7 launch teaser) via BullMQ delayed jobs
- Added waitlist email worker in @shieldai/jobs to process delayed welcome sequence emails
- Templates already in place: waitlist_confirmation, waitlist_intro, waitlist_features, waitlist_launch_teaser with dark-themed HTML layouts
Co-Authored-By: Paperclip <noreply@paperclip.ing>
