ContextShield is a defensive scanning tool designed to inspect files and folders before they are shared externally.
Its main responsibilities are:
- discover files to scan
- filter unsupported or ignored paths
- run detectors on file contents
- score findings
- redact sensitive output
- generate terminal, JSON, and HTML reports
The command-line interface parses command-line arguments and starts the scan workflow.
The configuration layer loads and validates user configuration such as:
- ignored paths
- allowed internal domains
- max file size
- enabled detectors
- severity threshold
- include/exclude extensions
The scanner is responsible for:
- file discovery
- file loading
- text-file checks
- duplicate suppression
- scan orchestration
Each detector focuses on a specific class of risk, such as:
- secrets
- prompt injection
- internal references
- encoded blobs
Sensitive values are masked before being shown in reports.
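How the detect, score, and redact stages can fit together, as an added sketch that is not ContextShield's own code. The rule patterns, scores, the `.internal`/`.corp` suffixes, all function and field names, and the reading of "allowed internal domains" as an allow-list that suppresses a finding are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Hypothetical rules: detector name -> (pattern with one capture group, score).
RULES = {
    "secret": (re.compile(r"(?i)\b(?:api[_-]?key|token|password)\s*[:=]\s*['\"]?([^\s'\"]{8,})"), 9),
    "internal_reference": (re.compile(r"https?://([a-z0-9.-]+\.(?:internal|corp))\b", re.I), 6),
    "encoded_blob": (re.compile(r"(?<![A-Za-z0-9+/])([A-Za-z0-9+/]{40,}={0,2})"), 4),
}

@dataclass(frozen=True)
class Finding:
    detector: str
    line: int
    score: int
    preview: str  # redacted form only; the raw match is never stored

def redact(value: str) -> str:
    """Keep two leading characters for triage and mask the rest."""
    return value[:2] + "*" * 6 + f" (len {len(value)})"

def scan_text(text, allowed_domains=(), threshold=0):
    """Run every rule at or above `threshold`; return findings, highest score first."""
    findings, seen = [], set()
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, (pattern, score) in RULES.items():
            if score < threshold:
                continue
            for m in pattern.finditer(line):
                value = m.group(1)
                if name == "internal_reference" and value.lower() in allowed_domains:
                    continue  # assumed meaning of the allow-list
                if (name, value) in seen:
                    continue  # duplicate suppression
                seen.add((name, value))
                findings.append(Finding(name, lineno, score, redact(value)))
    return sorted(findings, key=lambda f: -f.score)

# Constructed sample input; none of these values are real.
SAMPLE = '''api_key = "EXAMPLE-constructed-value-001"
see https://wiki.acme.internal/runbook and https://docs.acme.corp/faq
api_key = "EXAMPLE-constructed-value-001"
payload: QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqa2xtbm9w
'''

if __name__ == "__main__":
    for f in scan_text(SAMPLE, allowed_domains={"wiki.acme.internal"}, threshold=5):
        print(f)
```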
ContextShield supports:
- terminal output
- JSON reports
- HTML reports
ContextShield's design goals are:
- defensive-only
- predictable behavior
- safe output by default
- clear reporting
- simple configuration
- practical performance
ContextShield does not aim to:
- exploit systems
- bypass protections
- perform offensive actions
- extract hidden data through intrusive behavior