# Shield — UX/UI + Functionality improvements (for v1.5.x)

## Tier 1 — Real operator pain, ~1-2 days each

### 1. Link health = a per-takedown drilldown page
Today: the dashboard shows health as a pill in a row. Click the takedown → see the full probe history (every check, every status, body hash diff).
Route: GET /takedown/:id/health  →  /views/takedown-health.html
Use: when the operator wants to know "why is the system saying this is removed? what did the page look like last time?"

### 2. Bulk actions on the takedowns table
Today: 1 takedown = 1 row = 1 click to mark responded/removed/failed. With 5-10 takedowns the operator clicks a lot.
Add: checkboxes in the table header + "Mark all 'live' as 'stale'" / "Mark all 'removed' as 'closed'" / "Export CSV" buttons.
Use: weekly cleanup batch in 3 clicks instead of 50.

### 3. Webhook + email digest for the case owner
Today: the case owner (Nisali) gets nothing. She has to log in to see anything.
Add: every Monday morning, send Nisali an email digest of "your cases: 1 new case opened, 2 takedowns sent, 4 confirmed removed, 1 still being escalated". Optional: Slack/Discord webhook per case for real-time alerts.
Route: cron daily + digest weekly + per-event webhook.
Use: clients don't have to login to know what's happening.

### 4. Health-check a takedown on demand from the UI
Today: link health runs every 4h. If the operator just sent a takedown and wants to know "is the page still up?" right now, they can't.
Add: a "Check now" button next to the Last probe pill. Costs 1 search proxy credit. Updates the row immediately + returns the new status.
Use: "I just got off the phone with the platform's rep, can you verify the page is down?" → click → 2 seconds later: "yes, 404".

### 5. Inline image evidence + per-finding timeline
Today: a finding is just title + URL. The operator has to click "Open viewer" to see the actual leaked page.
Add: thumbnail of the leaked page (screenshot via search proxy) + side-by-side: "page when found" (frozen) vs "page now" (live re-probe). So the operator can see at a glance: "this page used to be a porn gallery, now it's a 404". 2 images per finding, scrollable history.
Use: insurance / legal cases need to show the platform "look, here's what was there and what's there now".

## Tier 2 — Polish, ~half day each

### 6. Saved searches / "follow this query"
Today: every deep-discovery run recomputes the query matrix from scratch. If Nisali has a 2nd image leak next month, we have to re-discover.
Add: "save this search" button on a scan result. Saved search re-runs weekly. Operator sees "new matches for saved search 'nisali nude leaks'".
Use: a long-running case (months of harassment) stays monitored without manual re-runs.

### 7. One-click "send to all 4 escalation steps in parallel"
Today: a case with platform + Cloudflare + registrar + ICANN = 4 separate sent rows. The system auto-escalates but the operator can override and send all 4 at once if they want a CYA paper trail.
Add: a "send to ALL chain steps now" button on the takedown. 4 emails, 1 button, audit logs each.
Use: the operator wants to "paper the chain" because they suspect the platform is a bad actor that will ignore the first email.

### 8. Per-domain dashboard (the "platform dossier")
Today: the dashboard has all takedowns in one list. If the operator wants to see "everything about EroMe", they filter manually.
Add: /dashboard/domains.html with a per-domain card: total sent / removed / still live / avg time-to-removal / contact + chain + last probe.
Use: a public-sector client evaluating "which platforms actually take down NCII within 30 days" gets a per-domain SLA report from this view.

### 9. Tamper-evident audit log
Today: the audit_log table is append-only, but there's no Merkle-style hash chain. An attacker who got DB access could rewrite history.
Add: each row has a `prev_hash` + `row_hash` column. The audit viewer page verifies the chain on load and shows a "verified ✓" badge.
Use: legal defensibility. "I sent this email at 14:32 on 2026-06-15" is provable cryptographically, not just "the row says it happened".

### 10. Operator notes on a takedown
Today: the audit_log is system-only. The operator can't leave a comment like "called platform rep, promised to take down by Friday".
Add: a `takedown_notes` table: (takedown_id, user_id, note, created_at). Tiny "Notes" panel on the takedown detail page.
Use: 6 months later when the lawyer asks "what happened on this takedown", the operator has their notes in the system.

## Tier 3 — Quality of life, ~2-4 hours each

### 11. Keyboard shortcuts
- `g d` go to dashboard
- `g c` go to cases
- `g t` go to takedowns
- `/` focus search bar
- `j` / `k` move down / up in a table
- `Enter` on a selected row opens the detail view
Use: power-user operator speed.

### 12. Dark mode / light mode toggle
Today: dark only. Lots of operators work in offices.
Add: 3 lines in main.css + a toggle button in the topbar. Local storage for the preference.

### 13. Multi-case cross-search
Today: /findings/search?q=foo is scoped to one case. The operator managing 50 cases for 5 victims can't search across all of them.
Add: /search.html with a case-agnostic search bar.
Use: "show me every takedown I've sent to Cloudflare in the last 30 days across all my cases".

### 14. "Mark all 404s as removed in one click"
Today: even with health checks, the operator has to click each row.
Add: a "Bulk: mark all 'removed' health-pills as resolved" button. Auto-learner runs the observed_success promotion on each.

### 15. Live "site health" badge on the dashboard
Today: the operator doesn't know if the system is currently probing.
Add: a tiny green/yellow/red dot in the topbar showing the last linkHealth tick age + status.

