Fix stale ~/.gdpr_scanner_* paths in help text, docs, and UI strings

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

CHANGELOG.md

@@ -19,7 +19,7 @@ Version numbers follow [Semantic Versioning](https://semver.org/spec/v2.0.0.html
 
 - **Delta token status hid the source count** — the "Tokens saved" line under the Δ Delta scan toggle always showed the bare translation ("Tokens gemt") because the source count only existed in the JS fallback string, which is ignored whenever the lang key exists. The translations now carry a `{n}` placeholder ("Tokens gemt for {n} kilde(r)") substituted in `checkDeltaStatus()`, and the row gained a "?" hint bubble explaining what the saved change-tokens do and that "Clear tokens" forces the next scan to be a full scan.
 
-- **Stale data-file paths in README** — delta tokens were documented as `~/.gdpr_scanner_delta.json` and the SMTP password/Fernet key as `~/.gdpr_scanner_smtp.json` / `~/.gdpr_scanner_machine_id`; the actual locations have long been `~/.gdprscanner/delta.json`, `~/.gdprscanner/smtp.json`, and `~/.gdprscanner/machine_id`.
+- **Stale data-file paths in docs and UI text** — README, SECURITY.md, MAINTAINER.md, the `--headless` argparse help (`--settings`, `--reset-db`, epilog), the DB-import replace warning/confirm strings (all three languages), and two code comments still referenced the pre-1.x flat dotfile layout (`~/.gdpr_scanner_delta.json`, `~/.gdpr_scanner_smtp.json`, `~/.gdpr_scanner_machine_id`, `~/.gdpr_scanner.db`). All now point to the actual locations under `~/.gdprscanner/` (`delta.json`, `smtp.json`, `machine_id`, `scanner.db`). The legacy-migration rename tables in `gdpr_scanner.py` intentionally keep the old names.
 
 ---
 

MAINTAINER.md

@@ -102,7 +102,7 @@ tests/                 pytest test suite — 112 tests, all should pass.
 **Settings stats show 0 (Scanned / Flagged / Scans)**
 → `routes/database.py` → `db_stats()` — queries `flagged_items` and `scans` directly
 → Stats populate from existing DB on app start — no re-scan needed
-→ If still 0 after a completed scan: check `~/.gdpr_scanner.db` exists and is not empty
+→ If still 0 after a completed scan: check `~/.gdprscanner/scanner.db` exists and is not empty
 
 **File scan results not persisting to DB**
 → `scan_engine.py` → `run_file_scan()` — must call `_db.begin_scan()` not `start_scan()`

SECURITY.md

@@ -54,9 +54,9 @@ Out of scope:
 ## Data Handling Notes for Security Researchers
 
 - CPR numbers are stored in the SQLite database as **SHA-256 hashes only** — never in plaintext
-- SMTP passwords are stored in `~/.gdpr_scanner_smtp.json` with chmod 600
+- SMTP passwords are stored in `~/.gdprscanner/smtp.json` with chmod 600
 - Microsoft OAuth tokens are stored in the MSAL token cache in `~/.gdpr_scanner_config.json`
-- Scan results are stored locally in `~/.gdpr_scanner.db` — never transmitted externally
+- Scan results are stored locally in `~/.gdprscanner/scanner.db` — never transmitted externally
 - The web UI binds to `127.0.0.1` by default — it is not designed to be exposed to the internet
 
 ---

app_config.py

@@ -813,7 +813,7 @@ def clear_viewer_pin() -> None:
 # ── SMTP password encryption ─────────────────────────────────────────────────
 # The SMTP password is encrypted at rest using Fernet symmetric encryption.
 # The encryption key is derived from a stable machine-specific UUID stored in
-# ~/.gdpr_scanner_machine_id.  This key is only usable on the same machine —
+# ~/.gdprscanner/machine_id.  This key is only usable on the same machine —
 # the encrypted password cannot be decrypted if the config file is copied to
 # another host.
 

gdpr_db.py

@@ -6,7 +6,7 @@ Stores scan results alongside the existing JSON cache.  Neither replaces the
 other: JSON is fast and portable, SQLite enables querying, trending, and the
 data-subject index.
 
-Database location: ~/.gdpr_scanner.db  (configurable via DB_PATH)
+Database location: ~/.gdprscanner/scanner.db  (configurable via DB_PATH)
 
 Schema
 ------

gdpr_scanner.py

@@ -1593,10 +1593,10 @@ Headless (scheduled) usage:
     environment variables:  M365_CLIENT_ID, M365_TENANT_ID, M365_CLIENT_SECRET
     or a settings JSON:     --settings /path/to/settings.json
 
-  Scan options are loaded from ~/.gdpr_scanner_settings.json (saved automatically
+  Scan options are loaded from ~/.gdprscanner/settings.json (saved automatically
   after any interactive scan), or overridden in the --settings file.
 
-  SMTP config is loaded from ~/.gdpr_scanner_smtp.json (saved in the UI) or from
+  SMTP config is loaded from ~/.gdprscanner/smtp.json (saved in the UI) or from
   an 'smtp' key in the --settings file.
 
 Example cron (weekly, Mondays at 06:00):
@@ -1631,7 +1631,7 @@ Example --settings file with SMTP:
     parser.add_argument("--output",   default=".",
                         help="Output directory for Excel export in headless mode (default: .)")
     parser.add_argument("--settings", default=None,
-                        help="Path to a JSON settings file (overrides ~/.gdpr_scanner_settings.json)")
+                        help="Path to a JSON settings file (overrides ~/.gdprscanner/settings.json)")
     parser.add_argument("--email-to", default=None,
                         help="Comma-separated recipient addresses — send Excel report by email (headless only)")
     parser.add_argument("--retention-years", type=int, default=None,
@@ -1639,7 +1639,7 @@ Example --settings file with SMTP:
     parser.add_argument("--fiscal-year-end", default=None,
                         help="Fiscal year end as MM-DD for retention cutoff (e.g. 12-31 for Bogforingsloven). Omit for rolling window.")
     parser.add_argument("--reset-db", action="store_true",
-                        help="Reset the results database (~/.gdpr_scanner.db) — permanently deletes all scan history, "
+                        help="Reset the results database (~/.gdprscanner/scanner.db) — permanently deletes all scan history, "
                              "dispositions, and deletion log. Prompts for confirmation unless --yes is also passed.")
     parser.add_argument("--yes", action="store_true",
                         help="Skip confirmation prompts (use with --reset-db for scripted resets)")
@@ -2144,7 +2144,7 @@ Example --settings file with SMTP:
         email_to = getattr(args, "email_to", None)
         if email_to:
             recipients = [r.strip() for r in email_to.replace(";", ",").split(",") if r.strip()]
-            # SMTP config: --settings file takes priority, then saved ~/.gdpr_scanner_smtp.json
+            # SMTP config: --settings file takes priority, then saved ~/.gdprscanner/smtp.json
             smtp_cfg = _load_smtp_config()
             if cfg.get("smtp"):
                 smtp_cfg = {**smtp_cfg, **cfg["smtp"]}

lang/da.json

@@ -560,8 +560,8 @@
   "m365_db_import_mode": "Tilstand:",
   "m365_db_import_merge": "Sammenflet (sikker)",
   "m365_db_import_replace": "Erstat (fuld gendannelse)",
-  "m365_db_import_replace_warn": "⚠ Erstatningstilstand sletter alle eksisterende scanningsdata inden gendannelse. Sørg for at have en sikkerhedskopi af ~/.gdpr_scanner.db først.",
-  "m365_db_import_replace_confirm": "Erstatningstilstand sletter ALLE eksisterende scanningsdata og gendanner fra arkivet.\\n\\nSørg for at have en manuel sikkerhedskopi af ~/.gdpr_scanner.db.\\n\\nFortsæt?",
+  "m365_db_import_replace_warn": "⚠ Erstatningstilstand sletter alle eksisterende scanningsdata inden gendannelse. Sørg for at have en sikkerhedskopi af ~/.gdprscanner/scanner.db først.",
+  "m365_db_import_replace_confirm": "Erstatningstilstand sletter ALLE eksisterende scanningsdata og gendanner fra arkivet.\\n\\nSørg for at have en manuel sikkerhedskopi af ~/.gdprscanner/scanner.db.\\n\\nFortsæt?",
   "m365_db_import_no_file": "Vælg venligst en ZIP-fil først.",
   "m365_db_importing": "Importerer…",
   "m365_db_imported": "Importeret",

lang/de.json

@@ -560,8 +560,8 @@
   "m365_db_import_mode": "Modus:",
   "m365_db_import_merge": "Zusammenführen (sicher)",
   "m365_db_import_replace": "Ersetzen (vollständige Wiederherstellung)",
-  "m365_db_import_replace_warn": "⚠ Der Ersetzungsmodus löscht alle vorhandenen Scandaten vor der Wiederherstellung. Stellen Sie sicher, dass Sie zuerst eine Sicherungskopie von ~/.gdpr_scanner.db haben.",
-  "m365_db_import_replace_confirm": "Der Ersetzungsmodus löscht ALLE vorhandenen Scandaten und stellt aus dem Archiv wieder her.\\n\\nStellen Sie sicher, dass Sie eine manuelle Sicherungskopie von ~/.gdpr_scanner.db haben.\\n\\nFortfahren?",
+  "m365_db_import_replace_warn": "⚠ Der Ersetzungsmodus löscht alle vorhandenen Scandaten vor der Wiederherstellung. Stellen Sie sicher, dass Sie zuerst eine Sicherungskopie von ~/.gdprscanner/scanner.db haben.",
+  "m365_db_import_replace_confirm": "Der Ersetzungsmodus löscht ALLE vorhandenen Scandaten und stellt aus dem Archiv wieder her.\\n\\nStellen Sie sicher, dass Sie eine manuelle Sicherungskopie von ~/.gdprscanner/scanner.db haben.\\n\\nFortfahren?",
   "m365_db_import_no_file": "Bitte wählen Sie zuerst eine ZIP-Datei aus.",
   "m365_db_importing": "Importiere…",
   "m365_db_imported": "Importiert",

lang/en.json

@@ -560,8 +560,8 @@
   "m365_db_import_mode": "Mode:",
   "m365_db_import_merge": "Merge (safe)",
   "m365_db_import_replace": "Replace (full restore)",
-  "m365_db_import_replace_warn": "⚠ Replace mode will erase all existing scan data before restoring. Make sure you have a backup of ~/.gdpr_scanner.db first.",
-  "m365_db_import_replace_confirm": "Replace mode will erase ALL existing scan data and restore from the archive.\\n\\nMake sure you have a manual backup of ~/.gdpr_scanner.db.\\n\\nProceed?",
+  "m365_db_import_replace_warn": "⚠ Replace mode will erase all existing scan data before restoring. Make sure you have a backup of ~/.gdprscanner/scanner.db first.",
+  "m365_db_import_replace_confirm": "Replace mode will erase ALL existing scan data and restore from the archive.\\n\\nMake sure you have a manual backup of ~/.gdprscanner/scanner.db.\\n\\nProceed?",
   "m365_db_import_no_file": "Please select a ZIP file first.",
   "m365_db_importing": "Importing…",
   "m365_db_imported": "Imported",

static/js/scan.js

@@ -67,7 +67,7 @@ async function doImportDB() {
   }
   if (mode === 'replace') {
     if (!confirm(t('m365_db_import_replace_confirm',
-      'Replace mode will erase ALL existing scan data and restore from the archive.\n\nMake sure you have a manual backup of ~/.gdpr_scanner.db.\n\nProceed?'))) return;
+      'Replace mode will erase ALL existing scan data and restore from the archive.\n\nMake sure you have a manual backup of ~/.gdprscanner/scanner.db.\n\nProceed?'))) return;
   }
   btn.disabled = true;
   stat.style.color = 'var(--muted)';

templates/index.html

@@ -1538,7 +1538,7 @@ document.addEventListener('DOMContentLoaded', applyI18n);
         <option value="replace" data-i18n="m365_db_import_replace">Replace (full restore)</option>
       </select>
     </div>
-    <div id="importDbReplaceWarn" style="display:none;background:#7c1a0060;border:1px solid var(--danger);border-radius:6px;padding:8px 10px;font-size:11px;color:#ff7070;line-height:1.5" data-i18n="m365_db_import_replace_warn">⚠ Replace mode will erase all existing scan data before restoring. Make sure you have a backup of ~/.gdpr_scanner.db first.</div>
+    <div id="importDbReplaceWarn" style="display:none;background:#7c1a0060;border:1px solid var(--danger);border-radius:6px;padding:8px 10px;font-size:11px;color:#ff7070;line-height:1.5" data-i18n="m365_db_import_replace_warn">⚠ Replace mode will erase all existing scan data before restoring. Make sure you have a backup of ~/.gdprscanner/scanner.db first.</div>
     <div id="importDbStatus" style="min-height:16px;font-size:11px;color:var(--muted)"></div>
     <div style="display:flex;justify-content:flex-end;gap:8px;padding-top:4px;border-top:1px solid var(--border)">
       <button onclick="closeImportDBModal()" style="background:none;border:1px solid var(--border);color:var(--muted);padding:5px 14px;border-radius:6px;font-size:12px;cursor:pointer" data-i18n="btn_close">Close</button>