
WhiteMuush/DataShield

DataShield

🚧 Work in progress, project under construction

DataShield is under active development and is not production ready. The database schema, APIs and UI can change without notice, features may be incomplete or unstable, and breaking changes land regularly. Do not point it at real production data yet. This project is under construction.

Self-hosted service that tells a business whether its employees' data has surfaced in known breaches, with severity-based alerting and a customizable security dashboard.

Status

Early development. Things move fast and not everything listed below is finished.

Features (in progress)

  • Breach exposure monitoring per employee (Have I Been Pwned and manual sources)
  • Customizable widget dashboard (drag and drop, saved presets)
  • Employee directory sync: Microsoft Entra ID (Azure AD), Google Workspace, LDAP / Active Directory, AWS IAM Identity Center, Okta, and inbound SCIM 2.0
  • Alerting by severity and status

Tech stack

  • Next.js 15 (App Router), React 19, TypeScript in strict mode
  • Prisma 7 with PostgreSQL
  • Auth.js (next-auth v5)
  • Tailwind CSS

Getting started

Prerequisites: Node.js 22 (pinned via .nvmrc and engines; run nvm use), and Docker (for the local database) or your own PostgreSQL instance.

# 1. Install dependencies
npm install

# 2. Configure the environment
cp .env.example .env.local   # then edit AUTH_SECRET (npx auth secret)

# 3. Start the database, apply migrations and seed demo data
npm run db:init

# 4. Run the development server
npm run dev

Open http://localhost:3000 and sign in with the seeded admin account. These are local development credentials: change them before the instance is reachable by anyone but you.

admin@datashield.local / ChangeMe123!

Switching machines / after git pull

The Prisma client is regenerated automatically on npm install (postinstall). The database is not migrated automatically: npm run dev only warns if migrations are pending (it never applies them on boot). After pulling changes that add a migration, apply it explicitly before running the app:

npm run db:migrate   # prisma migrate deploy, applies pending migrations

When you edit prisma/schema.prisma yourself, create the migration instead:

npx prisma migrate dev --name <change>

Database commands

  • npm run db:init starts a Postgres container (compose.yml), applies all migrations and seeds demo data (breaches, employees, alerts).
  • npm run db:up / npm run db:down start and stop the container.
  • npm run db:migrate applies pending migrations to the current database.
  • npm run seed:dev reseeds the demo data; npm run seed seeds only the admin.

No Docker? Point DATABASE_URL at your own PostgreSQL, then run npx prisma migrate deploy && npm run seed:dev.

Environment variables

All variables live in .env.local (copied from .env.example). AUTH_SECRET must be set; the rest have working defaults for local development.
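The README only says that AUTH_SECRET must be set; a practitioner also wants the app to refuse to boot when the value is still the placeholder from .env.example or too short to be a real secret. The following is an added example, not DataShield's own code: a fail-fast check over the two variables named above. It assumes AUTH_SECRET is what `npx auth secret` writes (base64 of 32 random bytes) and that DATABASE_URL is a postgresql:// URL; the placeholder list, the 32-byte threshold, the local-host list and the TLS rule for remote databases are this example's policy, not the project's. The sample environments at the bottom are constructed.

```typescript
// Added example, not DataShield's own code: fail-fast validation of AUTH_SECRET
// and DATABASE_URL, meant to run before the app starts. The placeholder list,
// byte threshold, local-host list and TLS rule are this example's assumptions.

export interface EnvCheck {
  ok: boolean;
  errors: string[];
}

const MIN_SECRET_BYTES = 32;

// Values an unedited copy of .env.example is assumed to still contain (constructed list).
const PLACEHOLDERS = new Set(["", "changeme", "your-secret-here", "secret"]);

const LOCAL_HOSTS = new Set(["localhost", "127.0.0.1", "::1", "[::1]"]);

// sslmode values that actually force TLS; "prefer" and "allow" silently fall back.
const TLS_MODES = new Set(["require", "verify-ca", "verify-full"]);

// Estimate the entropy-bearing length of a secret: hex and base64/base64url are
// decoded; anything else is measured as UTF-8 bytes so a long passphrase still passes.
function decodedLength(secret: string): number {
  if (secret.length % 2 === 0 && /^[0-9a-fA-F]+$/.test(secret)) {
    return secret.length / 2;
  }
  if (/^[A-Za-z0-9+/_-]+={0,2}$/.test(secret)) {
    return Buffer.from(secret, "base64").length;
  }
  return Buffer.byteLength(secret, "utf8");
}

export function checkAuthSecret(value: string | undefined): string[] {
  const secret = (value ?? "").trim();
  if (PLACEHOLDERS.has(secret.toLowerCase())) {
    return ["AUTH_SECRET is unset or still a placeholder; run `npx auth secret`"];
  }
  const bytes = decodedLength(secret);
  return bytes < MIN_SECRET_BYTES
    ? [`AUTH_SECRET decodes to ${bytes} bytes; at least ${MIN_SECRET_BYTES} are required`]
    : [];
}

function parseUrl(value: string): URL | null {
  try {
    return new URL(value);
  } catch {
    return null;
  }
}

export function checkDatabaseUrl(value: string | undefined): string[] {
  if (!value) return ["DATABASE_URL is not set"];
  const url = parseUrl(value);
  if (url === null) return ["DATABASE_URL is not a valid URL"];

  const errors: string[] = [];
  if (url.protocol !== "postgresql:" && url.protocol !== "postgres:") {
    errors.push(`DATABASE_URL must use postgresql://, got ${url.protocol}//`);
  }
  // Outside the local Docker database, refuse a connection that will not use TLS.
  const sslmode = url.searchParams.get("sslmode") ?? "";
  if (!LOCAL_HOSTS.has(url.hostname) && !TLS_MODES.has(sslmode)) {
    errors.push(`DATABASE_URL points at ${url.hostname} without sslmode=require/verify-ca/verify-full`);
  }
  return errors;
}

export function validateEnv(env: Record<string, string | undefined>): EnvCheck {
  const errors = [...checkAuthSecret(env.AUTH_SECRET), ...checkDatabaseUrl(env.DATABASE_URL)];
  return { ok: errors.length === 0, errors };
}

// Constructed samples: an unedited copy of .env.example, and a finished .env.local
// (the secret below is a fixed test value, never reuse it).
export const UNEDITED_ENV = {
  AUTH_SECRET: "changeme",
  DATABASE_URL: "postgresql://datashield:datashield@localhost:5432/datashield",
};
export const EDITED_ENV = {
  AUTH_SECRET: "k7Zr9qW2mNxP4vT8bL1cH6yJ3sQ0dF5gR2uV9wX8zA0=",
  DATABASE_URL: "postgresql://datashield:datashield@localhost:5432/datashield?schema=public",
};

// Startup hook: abort before serving anything if the environment is unsafe.
export function assertEnv(env: Record<string, string | undefined> = process.env): void {
  const result = validateEnv(env);
  if (!result.ok) {
    throw new Error(`Refusing to start:\n  ${result.errors.join("\n  ")}`);
  }
}
```

Call assertEnv() from the earliest code path that runs in every process (in a Next.js app, an instrumentation hook is the usual place) so a misconfigured container fails at boot rather than after the first sign-in attempt.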

Quality and security

Every push and pull request runs an automated pipeline: ESLint (zero warnings allowed), strict type checking, Prisma schema validation and a production build, plus CodeQL static analysis, dependency auditing, dependency review and secret scanning. See .github/workflows. Security policy and reporting: SECURITY.md.

Contributing

Contributions are welcome.

Contribution rules are enforced automatically by Git hooks (.githooks/) and CI (.github/workflows/compliance.yml). Non-compliant changes are rejected: PR titles and commits that do not follow the conventional commit format, AI attribution trailers, committed secrets, non-English text, major version bumps of frozen dependencies, and forbidden code patterns. The hooks are installed on npm install.
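To show what a gate like that checks before a commit ever reaches CI, here is an added example in the spirit of the rules above. It is not DataShield's hook code (the real rules live in .githooks/ and compliance.yml): the allowed commit types, the trailer names treated as AI attribution, the three credential patterns and the printable-ASCII stand-in for the non-English rule are all this example's assumptions, and the sample messages are constructed.

```typescript
// Added example, not DataShield's hook code: a commit-message gate modelled on
// the README's rules. The type list, AI trailer names, credential patterns and
// the non-English heuristic are this example's assumptions.

const CONVENTIONAL_SUBJECT =
  /^(feat|fix|docs|style|refactor|perf|test|build|ci|chore|revert)(\([a-z0-9._/-]+\))?!?: \S.*$/;

// Trailer lines that credit a tool rather than a person (assumed names).
const AI_TRAILER =
  /^(Co-authored-by|Generated-by|Assisted-by):.*\b(copilot|chatgpt|claude|gemini|cursor)\b/i;

// Well-known credential shapes; a real hook would carry many more.
const SECRET_PATTERNS: Array<[string, RegExp]> = [
  ["AWS access key ID", /\bAKIA[0-9A-Z]{16}\b/],
  ["GitHub personal access token", /\bghp_[A-Za-z0-9]{36}\b/],
  ["private key block", /-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----/],
];

export function checkCommitMessage(message: string): string[] {
  const errors: string[] = [];
  const lines = message.split(/\r?\n/);
  const subject = lines[0] ?? "";

  if (!CONVENTIONAL_SUBJECT.test(subject)) {
    errors.push(`subject is not a conventional commit: "${subject}"`);
  }
  // Crude stand-in for the non-English rule: anything outside printable ASCII.
  if (/[^\x20-\x7e]/.test(subject)) {
    errors.push("subject contains non-ASCII characters");
  }
  for (const raw of lines.slice(1)) {
    const line = raw.trim();
    if (AI_TRAILER.test(line)) {
      errors.push(`AI attribution trailer: "${line}"`);
    }
  }
  for (const [name, pattern] of SECRET_PATTERNS) {
    if (pattern.test(message)) {
      errors.push(`possible ${name} in message`);
    }
  }
  return errors;
}

// Constructed sample messages. The AKIA... value is the documented AWS example key.
export const GOOD_MESSAGE =
  "fix(alerts): dedupe breach alerts per employee\n\n" +
  "Closes a double insert when two sources report the same breach.";
export const BAD_MESSAGE = [
  "Update stuff",
  "",
  "Temporary creds for the staging db: AKIAIOSFODNN7EXAMPLE",
  "",
  "Co-authored-by: Copilot <copilot@example.com>",
].join("\n");
```

Wired into a commit-msg hook, the function reads the message file, prints each violation and exits non-zero when the list is non-empty; running the same function in CI keeps the two enforcement points from drifting apart.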

Please also read CONTRIBUTING.md and CODE_OF_CONDUCT.md.

License

See LICENSE.
