feat: add privacy mode — pause correction in password fields #40

@chernistry

Summary

RightLayout should automatically pause correction when the user is typing in a secure text field (password input). Correcting text in password fields is both useless (passwords aren't words) and potentially a security/privacy concern (the app would be processing sensitive input).

Why This Matters

  • Security: Password fields should never have their input intercepted or modified
  • Privacy: Users expect password input to be private, even from accessibility tools
  • Correctness: Passwords aren't natural language — trigram detection will produce false positives
  • Trust: Users need to trust that RightLayout handles sensitive input responsibly

Current Behavior

  • RightLayout processes ALL keystrokes, including those in password fields
  • May attempt to "correct" a password, replacing characters
  • This could break login flows and expose password patterns

Desired Behavior

  • When the user focuses a secure text field, RightLayout automatically pauses
  • When the user leaves the secure text field, RightLayout resumes
  • No keystrokes from secure fields are processed, stored, or analyzed
  • Visual indicator in menu bar shows "paused" state (optional)

Implementation

Detecting Secure Input Mode

File: RightLayout/Sources/Engine/EventMonitor.swift

macOS provides a secure input flag via CGEvent:

import Carbon  // declares IsSecureEventInputEnabled()

// Check if secure input is enabled
let secureInputEnabled = IsSecureEventInputEnabled()

// Or wrap the check in a helper
func isSecureInput() -> Bool {
    return IsSecureEventInputEnabled()
}

The IsSecureEventInputEnabled() function from Carbon returns true when any app has enabled secure text input (which browsers and password managers do for password fields).

Integration points

  1. Before processing any keystroke:

    guard !IsSecureEventInputEnabled() else {
        return // Skip processing entirely
    }
  2. Clear any buffered text when entering secure mode:

    • Don't carry over partial word buffers from before the password field
    • Don't use text from before the password field as context after
  3. Menu bar indicator (optional):

    • Show a lock icon or "Paused" text when secure input is active
    • Helps users understand why corrections stopped

Alternative detection: Accessibility API

If IsSecureEventInputEnabled() is too broad (some apps enable it globally), use the Accessibility API:

let focusedElement = AXUIElementCopyAttributeValue(...)
let isSecure = // check AXSecureTextField role

Privacy Guarantees

  • Zero keystroke processing in secure mode
  • Zero keystroke buffering in secure mode
  • Buffer cleared on secure mode entry
  • No logging of secure mode keystrokes (even in debug builds)

Test Cases

  • Correction pauses in Safari password field
  • Correction pauses in Chrome password field
  • Correction pauses in 1Password / Bitwarden
  • Correction resumes after leaving password field
  • No partial buffer leak between secure and non-secure contexts
  • Menu bar shows paused state (if implemented)
  • Works with system login dialog
  • Works with sudo prompt in Terminal

Edge Cases

  • Some apps enable secure input globally (not just for password fields) — may cause RightLayout to pause too broadly
  • Terminal apps may toggle secure input for sudo — RightLayout should handle this gracefully
  • FileVault login screen — RightLayout isn't running yet, so not an issue
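
The integration points and the Accessibility alternative described above, as an added Swift example that is not part of the original issue or of RightLayout's code. `PrivacyGate`, `accept` and `focusedElementIsSecureTextField` are hypothetical names, and the string buffer stands in for the engine's real word buffer.

```swift
import ApplicationServices
import Carbon

/// Hypothetical gate in front of the correction engine (name is an assumption).
final class PrivacyGate {
    private var wordBuffer = ""
    private var wasSecure = false
    private let isSecure: () -> Bool   // injectable so the state can be faked in tests
    init(isSecure: @escaping () -> Bool = { IsSecureEventInputEnabled() }) {
        self.isSecure = isSecure
    }
    /// Returns the current partial word, or nil when the keystroke must be ignored.
    func accept(_ characters: String) -> String? {
        let secure = isSecure()
        if secure != wasSecure {
            // Crossing the boundary in either direction drops all prior context.
            wordBuffer.removeAll()
            wasSecure = secure
        }
        guard !secure else { return nil }  // not buffered, logged or analyzed
        wordBuffer += characters
        return wordBuffer
    }
}

/// Narrower probe: is the focused UI element a secure text field? Needs Accessibility permission.
func focusedElementIsSecureTextField() -> Bool {
    var focused: CFTypeRef?
    guard AXUIElementCopyAttributeValue(AXUIElementCreateSystemWide(),
                                        kAXFocusedUIElementAttribute as CFString,
                                        &focused) == .success,
          let element = focused else { return false }
    var subrole: CFTypeRef?
    guard AXUIElementCopyAttributeValue(element as! AXUIElement,
                                        kAXSubroleAttribute as CFString,
                                        &subrole) == .success else { return false }
    return (subrole as? String) == kAXSecureTextFieldSubrole
}

func demo() {  // constructed demo with a faked secure-input state
    var fakeSecure = false
    let gate = PrivacyGate(isSecure: { fakeSecure })
    assert(gate.accept("he") == "he")
    fakeSecure = true
    assert(gate.accept("s3cret") == nil)
    fakeSecure = false
    assert(gate.accept("y") == "y")   // "he" did not survive the secure interval
}
demo()
```

The Accessibility probe returns false when the query fails, so a caller that wants to fail closed should keep the `IsSecureEventInputEnabled()` check as the primary gate.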
