Every website wants something from you. Now you know what it is.
TruthLayer is a Chrome Extension + Backend + Web Dashboard that reveals the hidden intent of every website you visit. In one click, TruthLayer provides:

| Metric | Description |
|---|---|
| Trust Score (0–100) | Website trust score based on dark patterns, data tracking, and content transparency |
| Hidden Intent | Primary, secondary, and tertiary intent: what does this website actually want? |
| Dark Patterns | Detects 10+ manipulation tactics: fake urgency, confirmshaming, roach motel, disguised ads, forced action, etc. |
| Data Collection Audit | Tracks all data collected by the website, including third-party cookies and trackers |
| AI Content Estimate | Estimated percentage of content generated by AI |
| Manipulation Level | Level of manipulation: low / medium / high / extreme |
| Public Report | Share analysis results via a public link: truthlayer.io/report/domain.com |

🛡️ Trust Score Engine

The Trust Score is calculated from 4 main factors with different weights:

| Factor | Weight | Data Source |
|---|---|---|
| Dark Pattern Detection | 35% | Content script + Backend AI |
| Data Collection Audit | 25% | Request blocking analysis |
| Intent Transparency | 20% | AI intent classification |
| AI Content Ratio | 20% | AI content estimation |

Final score: 100 − (total penalty). The lower the score, the more suspicious the website.
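
The weighting can be sketched as follows. This is an added example, not TruthLayer's `trust-scorer.js`: the per-factor risk inputs in the range 0 to 1, the factor key names, and the choice to charge a missing factor its full weight are assumptions.

```javascript
// Added example, not the project's trust-scorer.js.
// Weights are the percentages from the table; everything else is assumed.
const WEIGHTS = {
  darkPatterns: 35,        // Dark Pattern Detection
  dataCollection: 25,      // Data Collection Audit
  intentTransparency: 20,  // Intent Transparency
  aiContentRatio: 20,      // AI Content Ratio
};

// risks[factor] is an assumed normalised risk: 0 = clean, 1 = worst case.
// A factor that is missing or not a finite number (for example because the
// AI stage timed out) is charged its full weight, so a failed check can
// lower the score but never raise it.
function trustScore(risks) {
  const breakdown = {};
  let totalPenalty = 0;
  for (const [factor, weight] of Object.entries(WEIGHTS)) {
    const raw = risks[factor];
    const known = typeof raw === 'number' && Number.isFinite(raw);
    const risk = known ? Math.min(1, Math.max(0, raw)) : 1;
    const penalty = weight * risk;
    breakdown[factor] = { penalty, assumedWorstCase: !known };
    totalPenalty += penalty;
  }
  // Final score: 100 − (total penalty), as stated above.
  return { score: Math.round(100 - totalPenalty), breakdown };
}

// Constructed inputs: a full analysis, and one where both AI factors are absent.
const full = trustScore({
  darkPatterns: 0.4, dataCollection: 0.2, intentTransparency: 0.25, aiContentRatio: 0.15,
});
const aiFailed = trustScore({ darkPatterns: 0.4, dataCollection: 0.2 });
console.log(full.score, aiFailed.score);
```
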
🎭 Dark Pattern Detection: 10+ manipulation patterns detected

| Pattern | Description |
|---|---|
| 🔥 Fake Urgency | Fake countdowns, fake limited stock |
| 😞 Confirmshaming | "No thanks, I don't want to save money" |
| 🪤 Roach Motel | Easy to sign up, hard to delete the account |
| 🎯 Disguised Ads | Ads disguised as content |
| 📋 Forced Action | Must do X to access Y |
| 🔄 Misdirection | Deliberately confusing UI |
| 🤫 Hidden Costs | Hidden fees at checkout |
| ♾️ Subscription Trap | Automatic subscription without confirmation |
| 💬 Social Proof Fake | Fake testimonials or user counts |
| 🔗 Privacy Zuckering | Tricks to make users share more data |
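
A rule-based pass over three of these patterns, as an added example that is not TruthLayer's `dark-pattern-detector.js`. The regexes, severities and the `subscription-trap` type name are hypothetical; the result objects follow the `darkPatterns` shape in the API response on this page.

```javascript
// Added example, not the project's dark-pattern-detector.js. The regexes and
// severities are hypothetical; the result shape follows the page.
const RULES = [
  {
    type: 'fake-urgency',
    severity: 'high',
    description: 'Countdown or scarcity wording detected',
    match: (t) => /\b(only\s+\d+\s+left|offer\s+ends\s+in)\b/i.test(t),
  },
  {
    type: 'confirmshaming',
    severity: 'medium',
    description: 'Decline option is worded to shame the user',
    match: (t) => /\bno,?\s+thanks,?\s+i\s+(don't|do\s+not)\s+want\b/i.test(t),
  },
  {
    type: 'subscription-trap',
    severity: 'high',
    description: 'Automatic renewal mentioned with no cancellation wording',
    match: (t) => /\bauto(matically)?[-\s]?renew/i.test(t) && !/\bcancel/i.test(t),
  },
];

// Reduce markup to the text a user sees, so strings inside script or style
// blocks and tag attributes do not trigger a rule.
function visibleText(html) {
  return html
    .replace(/<(script|style)\b[^>]*>[\s\S]*?<\/\1\s*>/gi, ' ')
    .replace(/<[^>]+>/g, ' ')
    .replace(/&#39;|&apos;|\u2019/g, "'")
    .replace(/\s+/g, ' ')
    .trim();
}

function detectDarkPatterns(html) {
  const text = visibleText(html);
  return RULES.filter((rule) => rule.match(text)).map(
    ({ type, severity, description }) => ({ type, severity, description })
  );
}

// Constructed page fragment.
const SAMPLE_HTML = `
  <div class="timer">Offer ends in <b>00:04:59</b></div>
  <script>var label = "automatically renews";</script>
  <a href="#">No thanks, I don&#39;t want to save money</a>`;
console.log(detectDarkPatterns(SAMPLE_HTML).map((p) => p.type));
```
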
🤖 AI-Powered Analysis: Claude AI behind the scenes

TruthLayer uses Claude AI (Anthropic) to:
- Classify the hidden intent of a website (primary, secondary, tertiary)
- Detect advanced dark patterns that the rule-based engine cannot detect
- Estimate the percentage of AI-generated content
- Give security recommendations that fit the context

Every analysis goes through 3 stages:
- Content Script Scan: extracts metadata, trackers, cookies, and client-side dark patterns
- Backend Processing: sends the HTML to the backend for in-depth analysis
- AI Classification: Claude AI classifies the intent and assigns a score

📊 Public Report Sharing: share analysis results

Every analysis result automatically generates a public page that can be shared:
- Format: `https://truthlayer.io/report/example.com`
- Contains: trust score, intent breakdown, dark patterns detected, data collection audit
- Accessible without the extension: a regular browser is enough
- SEO friendly for domain trust information searches

⚡ Local Caching: fast analysis, no server load

- Cache TTL: 24 hours per domain
- Storage: Chrome `storage.local` for the extension, Redis for the backend
- Benefit: a second analysis of the same domain is instant, with no API call
- Control: clear the cache via the extension's Options page

⌨️ Keyboard Shortcuts: faster access

| Shortcut | Action |
|---|---|
| Ctrl + Shift + T (Windows/Linux) / Cmd + Shift + T (Mac) | Open the TruthLayer popup |
| Ctrl + Shift + Y (Windows/Linux) / Cmd + Shift + Y (Mac) | Toggle auto-analyze |

```bash
# Clone repository
git clone https://github.com/wi5nuu/Truthlayer.git
cd Truthlayer  # git names the directory after the repository
# Load the extension in Chrome:
# 1. Open chrome://extensions
# 2. Enable "Developer mode" (top right corner)
# 3. Click "Load unpacked"
# 4. Select the extension/ folder
```

Prerequisites: Node.js ≥ 18

```bash
cd backend
cp .env.example .env
npm install
npm run dev   # Development with nodemon, http://localhost:3001
# or
npm start     # Production
```

Environment Variables:

| Variable | Default | Description |
|---|---|---|
| `PORT` | `3001` | Server port |
| `NODE_ENV` | `development` | Environment mode |
| `CORS_ORIGIN` | `http://localhost:3000` | Web dashboard origin |
| `CORS_EXTENSION_ORIGIN` | `chrome-extension://*` | Extension origin |
| `RATE_LIMIT_WINDOW_MS` | `60000` | Rate limit window (ms) |
| `RATE_LIMIT_MAX` | `100` | Max requests per window |
| `CACHE_TTL_MS` | `86400000` | Cache TTL (24 hours) |
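
The default `CORS_EXTENSION_ORIGIN` beside a pinned value, as an added example that is not TruthLayer's `app.js`. How the project parses this variable is not shown on the page: reading `chrome-extension://*` as "any extension" is an assumption, and `PINNED_ID` and `buildOriginCheck` are hypothetical names.

```javascript
// Added example, not the project's app.js. Reading the default
// "chrome-extension://*" as "any extension" is an assumption.
// Chrome extension IDs are 32 characters in the range a-p.
const EXTENSION_ORIGIN = /^chrome-extension:\/\/[a-p]{32}$/;
const PINNED_ID = 'abcdefghijklmnopabcdefghijklmnop'; // constructed placeholder ID

// Returns a predicate (origin) => boolean built from the variables above.
function buildOriginCheck(env) {
  const web = new URL(env.CORS_ORIGIN).origin; // throws on a malformed value
  const ext = env.CORS_EXTENSION_ORIGIN;
  const wildcard = ext === 'chrome-extension://*';
  if (!wildcard && !EXTENSION_ORIGIN.test(ext)) {
    throw new Error('CORS_EXTENSION_ORIGIN must be chrome-extension://<32-char id>');
  }
  if (wildcard && env.NODE_ENV === 'production') {
    // With the wildcard, every extension installed in the browser passes.
    throw new Error('pin CORS_EXTENSION_ORIGIN to one extension ID in production');
  }
  return (origin) => {
    if (typeof origin !== 'string') return false; // no Origin header sent
    if (origin === web) return true;              // exact match, no prefix tricks
    if (!EXTENSION_ORIGIN.test(origin)) return false;
    return wildcard || origin === ext;
  };
}

// Constructed environments: the documented default and a pinned ID.
const base = { NODE_ENV: 'development', CORS_ORIGIN: 'http://localhost:3000' };
const weak = buildOriginCheck({ ...base, CORS_EXTENSION_ORIGIN: 'chrome-extension://*' });
const pinned = buildOriginCheck({
  ...base,
  CORS_EXTENSION_ORIGIN: `chrome-extension://${PINNED_ID}`,
});
const other = `chrome-extension://${'p'.repeat(32)}`; // some other extension
console.log(weak(other), pinned(other));
```

CORS only limits which browser origins may read responses; the `Authorization: Bearer` token on `POST /api/v1/analyze` remains the actual access control.
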

Prerequisites: Node.js ≥ 18

```bash
cd web
npm install
npm run dev                   # Development, http://localhost:3000
# or
npm run build && npm start    # Production
```

```bash
# Build and run all services
docker-compose up --build
# Backend: http://localhost:3001
# Web: http://localhost:3000
```

⚠️ Note for Windows: `next build` may fail with an EISDIR error on Node.js 22+. Use `npm run dev` for development, or Docker for production builds.

```bash
node scripts/setup.js
```

This script will:
- Install the backend & web dependencies
- Copy `.env.example` to `.env` (if it does not exist yet)
- Run the backend tests
- Configure git hooks

```
┌──────────────────────────────────────────┐
│             Chrome Extension             │
│  ┌──────────┐    ┌──────────────────┐    │
│  │  Popup   │    │  Service Worker  │    │
│  │  (UI)    │    │  (Background)    │    │
│  └────┬─────┘    └────────┬─────────┘    │
│       │                   │              │
│  ┌────▼───────────────────▼─────────┐    │
│  │          Content Script          │    │
│  │  (Extract: metadata, trackers,   │    │
│  │   cookies, dark patterns, SEO)   │    │
│  └────────────────┬─────────────────┘    │
└───────────────────┼──────────────────────┘
                    │
                    ▼
┌──────────────────────────────────────────┐
│         Backend API (Express.js)         │
│                                          │
│  POST /api/v1/analyze ───┐               │
│  GET  /api/v1/report/:domain             │
│  GET  /api/v1/report/:domain/history     │
│  GET  /api/v1/export/:domain/json        │
│  GET  /api/v1/export/:domain/csv         │
│                                          │
│  ┌──────────┐    ┌────────────────┐      │
│  │  Cache   │    │  AI Analyzer   │      │
│  │ (Memory) │    │  (Claude AI)   │      │
│  └──────────┘    └───────┬────────┘      │
└──────────────────────────┼───────────────┘
                           │
                           ▼
                  ┌──────────────────┐
                  │    Claude AI     │
                  │   (Anthropic)    │
                  └──────────────────┘

┌──────────────────────────────────────────┐
│        Web Dashboard (Next.js 15)        │
│                                          │
│  /                 Landing page          │
│  /about            About page            │
│  /privacy          Privacy policy        │
│  /report/:domain   Public report         │
│  /not-found        404 page              │
│                                          │
│  ┌────────────────────────────┐          │
│  │   SSR Rewrites → Backend   │          │
│  └────────────────────────────┘          │
└──────────────────────────────────────────┘
```

```
User opens website
        │
        ▼
Content Script injected ─── Extract metadata, trackers, cookies
        │
        ▼
Popup: user clicks analyze
        │
        ▼
POST /api/v1/analyze ─── Send HTML + metadata to the backend
        │
        ▼
Backend receives the request
        │
        ├── Check cache ─── If a cached result exists (< 24 hours) → return cached result
        │
        └── Analysis pipeline:
                │
                ├── 1. Rule-based Dark Pattern Detection
                ├── 2. Claude AI: Intent Classification
                ├── 3. Trust Score Calculation
                └── 4. Cache result → return response
```

```
truthlayer/
│
├── extension/  # Chrome Extension (Manifest V3)
│   ├── manifest.json  # Extension manifest
│   ├── popup/
│   │   ├── popup.html  # UI popup
│   │   ├── popup.css  # Styling
│   │   └── popup.js  # Popup logic
│   ├── background/
│   │   └── service-worker.js  # Background service worker
│   ├── content/
│   │   └── content-script.js  # Content script injector
│   ├── options/
│   │   ├── options.html  # Settings page
│   │   ├── options.css
│   │   └── options.js
│   ├── welcome/
│   │   └── welcome.html  # Onboarding page
│   ├── icons/  # SVG icons
│   └── _locales/  # i18n translations
│
├── backend/  # Node.js Express API
│   ├── src/
│   │   ├── app.js  # Express app setup
│   │   ├── server.js  # Server entry point
│   │   ├── routes/
│   │   │   ├── analyze.js  # POST /api/v1/analyze
│   │   │   ├── auth.js  # Auth routes
│   │   │   ├── report.js  # Report & history
│   │   │   └── export.js  # Export JSON/CSV
│   │   ├── services/
│   │   │   ├── ai-analyzer.js  # Claude AI integration
│   │   │   ├── cache-service.js  # In-memory cache
│   │   │   ├── dark-pattern-detector.js
│   │   │   └── trust-scorer.js  # Scoring engine
│   │   └── middleware/
│   │       ├── error-handler.js  # Global error handler
│   │       └── rate-limiter.js  # Rate limiting
│   ├── tests/
│   │   ├── analyze.test.js  # Analyze endpoint tests
│   │   ├── export.test.js  # Export endpoint tests
│   │   ├── health.test.js  # Health check tests
│   │   ├── integration.test.js  # Integration tests
│   │   └── trust-scorer.test.js  # Scoring unit tests
│   ├── .env.example  # Environment template
│   └── package.json
│
├── web/  # Next.js 15 Dashboard
│   ├── app/
│   │   ├── page.tsx  # Landing page
│   │   ├── about/page.tsx  # About page
│   │   ├── privacy/page.tsx  # Privacy page
│   │   ├── not-found.tsx  # 404 page
│   │   └── layout.tsx  # Root layout
│   ├── components/
│   │   ├── trust-score.tsx
│   │   ├── intent-list.tsx
│   │   └── dark-pattern-badge.tsx
│   ├── lib/
│   │   └── api-client.ts  # API client
│   ├── public/  # Static assets
│   └── package.json
│
├── shared/  # Shared TypeScript utilities
│   └── utils.ts  # Validation, formatting, colors
│
├── scripts/
│   ├── setup.js  # Dev environment setup
│   ├── verify-all.js  # Full verification script
│   └── e2e-test.js  # E2E API test
│
├── .github/
│   ├── workflows/ci.yml  # GitHub Actions CI
│   ├── ISSUE_TEMPLATE/  # Issue templates
│   └── CODEOWNERS  # Code ownership
│
├── docs/
│   └── screenshots/  # Screenshots
│
├── .eslintrc.cjs  # ESLint config
├── .prettierrc  # Prettier config
├── .prettierignore  # Prettier ignore
├── .gitattributes  # Git attributes
├── .gitignore
├── .nvmrc  # Node version
├── docker-compose.yml  # Docker Compose
├── LICENSE  # MIT License
├── SECURITY.md  # Security policy
├── CONTRIBUTING.md  # Contributing guide
└── CHANGELOG.md  # Release notes
```

```http
GET /health
```

Response:

```json
{
  "status": "ok",
  "timestamp": "2026-06-11T10:00:00.000Z",
  "uptime": 1234.56,
  "version": "1.0.0"
}
```

```http
POST /api/v1/analyze
Content-Type: application/json
Authorization: Bearer <token>
```

Request Body:

```json
{
  "url": "https://example.com",
  "html": "<!DOCTYPE html><html>..."
}
```

Response:

```json
{
  "success": true,
  "data": {
    "domain": "example.com",
    "trustScore": 72,
    "intent": {
      "primary": "e-commerce",
      "secondary": "newsletter-signup",
      "tertiary": "data-collection"
    },
    "darkPatterns": [
      {
        "type": "fake-urgency",
        "severity": "high",
        "description": "Fake countdown timer detected"
      }
    ],
    "dataCollection": {
      "cookies": 12,
      "thirdPartyRequests": 8,
      "trackers": ["google-analytics", "facebook-pixel"]
    },
    "aiContentEstimate": 15,
    "manipulationLevel": "medium",
    "cachedAt": "2026-06-11T10:00:00.000Z"
  }
}
```

```http
GET /api/v1/report/:domain
GET /api/v1/report/:domain/history?page=1&limit=10
GET /api/v1/export/:domain/json
GET /api/v1/export/:domain/csv
```

| Code | Description |
|---|---|
| 200 | Success |
| 400 | Bad request (missing parameters, invalid URL) |
| 401 | Unauthorized (missing/invalid token) |
| 403 | Forbidden (CORS not allowed) |
| 404 | Not found |
| 429 | Rate limit exceeded |
| 500 | Internal server error |
| 504 | Analysis timeout |

```bash
# Run all backend tests
cd backend && npm test
# Run a specific test
npm test -- --testPathPattern=analyze
npm test -- --testPathPattern=health
npm test -- --testPathPattern=export
npm test -- --testPathPattern=trust-scorer
npm test -- --testPathPattern=integration
# A coverage report is generated automatically every time the tests run
```

Test Coverage:

| Test Suite | Tests | Description |
|---|---|---|
| `health.test.js` | 1 | Health endpoint validation |
| `analyze.test.js` | 7 | Analyze endpoint & AI integration |
| `export.test.js` | 4 | Export JSON & CSV endpoints |
| `trust-scorer.test.js` | 6 | Trust score calculation |
| `integration.test.js` | 3 | Full API workflow |
| Total | 21 | |

```bash
node scripts/verify-all.js
```

This script runs the whole pipeline (lint → test → build) to make sure all components work before commit/push.

GitHub Actions automatically runs the following pipeline for every push to main and every pull request:

| Job | Description | Tools |
|---|---|---|
| backend-test | Unit & integration tests | Jest + Supertest |
| web-lint | Linting Next.js | ESLint + Next.js lint |
| web-build | Production build | Next.js build |
| extension-build | Extension manifest validation | Custom check |

```yaml
# .github/workflows/ci.yml
on: [push, pull_request]
jobs:
  backend-test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
      - run: npm ci
      - run: npm test
```

TruthLayer is designed with a privacy-first approach:

| Data | Collected? | Purpose |
|---|---|---|
| Website URL | ✅ | Domain & intent analysis |
| HTML content | ✅ | Dark pattern detection & AI analysis |
| Cookies & trackers | ✅ | Data collection audit |
| User personal data | ❌ | Never collected |
| Browsing history | ❌ | Only pages that are clicked |
| Keyboard/mouse | ❌ | Never recorded |

- `activeTab` permission: the extension is only active when the icon is clicked
- Local cache for 24 hours: analysis results are stored locally, not on the server
- No tracking: TruthLayer does not track its users
- HTTPS only: all API communication goes over HTTPS
- Rate limiting: the backend is protected by a rate limiter (100 req/min)
- Helmet.js: security headers for the backend

| Permission | Reason |
|---|---|
| `activeTab` | Access the page when the icon is clicked |
| `storage` | Local cache of analysis results |
| `notifications` | Analysis result notifications |
| `host_permissions` | Inject content script |
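
A manifest check that holds the extension to this table, as an added example that is not TruthLayer's `extension-build` job. `auditManifest` is a hypothetical name and `SAMPLE_MANIFEST` is constructed; it flags permissions the table does not list and host patterns that cover every site, which apply without the click that `activeTab` requires.

```javascript
// Added example, not the project's extension-build check. The allowlist
// mirrors the permission table above; SAMPLE_MANIFEST is constructed.
const DOCUMENTED_PERMISSIONS = new Set(['activeTab', 'storage', 'notifications']);
// Match patterns that cover every site.
const BROAD_HOST = /^(<all_urls>|(\*|https?):\/\/\*\/\*)$/;

function auditManifest(manifest) {
  const findings = [];
  if (manifest.manifest_version !== 3) {
    findings.push('manifest_version is not 3');
  }
  for (const perm of manifest.permissions ?? []) {
    if (!DOCUMENTED_PERMISSIONS.has(perm)) {
      findings.push(`permission not documented in README: ${perm}`);
    }
  }
  // host_permissions and declared content_scripts both apply to matching
  // pages without the user clicking the icon, unlike activeTab.
  const hosts = new Set([
    ...(manifest.host_permissions ?? []),
    ...(manifest.content_scripts ?? []).flatMap((cs) => cs.matches ?? []),
  ]);
  for (const pattern of hosts) {
    if (BROAD_HOST.test(pattern)) findings.push(`broad host pattern: ${pattern}`);
  }
  return findings;
}

// Constructed manifest with one undocumented permission and an all-sites pattern.
const SAMPLE_MANIFEST = {
  manifest_version: 3,
  permissions: ['activeTab', 'storage', 'notifications', 'tabs'],
  host_permissions: ['<all_urls>'],
  content_scripts: [{ matches: ['<all_urls>'], js: ['content/content-script.js'] }],
};
console.log(auditManifest(SAMPLE_MANIFEST));
```
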

| Technology | Purpose |
|---|---|
| | Browser extension Manifest V3 |
| | Web dashboard & public report |
| | UI framework |
| | Type safety |
| | Styling |
| | Animations |

| Technology | Purpose |
|---|---|
| | Runtime |
| | Web framework |
| | Testing |
| | Security headers |

| Technology | Purpose |
|---|---|
| | AI-powered intent classification |
| Dark Pattern Engine | Rule-based client-side detection |
| Trust Scorer | Multi-factor scoring algorithm |

| Technology | Purpose |
|---|---|
| | Containerization |
| | CI/CD |
| | Code quality |
| | Code formatting |

We greatly appreciate contributions from the community! Please see CONTRIBUTING.md for the full guide.

- Fork the repository
- Create a feature branch: `git checkout -b feat/amazing-feature`
- Commit: `git commit -m "feat: add amazing feature"`
- Push: `git push origin feat/amazing-feature`
- Open a Pull Request

- Backend: tests must pass before a pull request (`cd backend && npm test`)
- Web: the build must succeed (`cd web && npm run build`)
- Formatting: run `npx prettier --write .` before committing
- Conventional Commits: use the prefixes `feat:`, `fix:`, `chore:`, `docs:`, `test:`, `ci:`

- User Dashboard: personal analysis history, saved domains, alerts
- Browser Comparison: compare trust scores between websites
- API Token Management: manage API keys for programmatic access
- Real-time Monitoring: push notifications when a suspicious website is detected
- Dark Pattern Database: a collective database of dark patterns from the community
- Firefox & Edge Support: expansion to other browsers
- Mobile Companion App: scan links via a mobile app

See CHANGELOG.md for the full release history.

MIT © 2026 TruthLayer

Built with ❤️ for a more transparent web


