Password-protected links

[kobzevvv]

Problem

You publish a salary proposal, a security audit, or a client deliverable. You share the link. Someone forwards it. Now the whole internet can read your document.

Links are easy to share — that's their superpower and their weakness.

Solution

Add optional password protection to published pages.

npx instant-publish deploy report.html --slug q4-results --password
# Enter password: ****
# Published: https://chillai.space/p/q4-results (password-protected)

When someone opens the link, they see a minimal password prompt before the content loads. No account needed, no login wall — just a password.

Why this matters

• Confidential documents — financial reports, HR docs, legal drafts
• Client work — share deliverables without worrying about leaks
• Internal team docs — not everything should be public
• Compliance — some industries require access control on shared documents

Implementation ideas

• Password hashed and stored in KV metadata
• Served via a small interstitial page that validates the password client-side (hash comparison)
• No cookies, no sessions — just the password in the URL fragment or a form
• API: POST /api/publish accepts optional password field
• CLI: --password flag prompts for input (never passed as CLI argument for security)

UX

The password page should be dead simple — the chillai.space logo, one input field, one button. No friction. If the password is wrong, shake the input. If it's right, show the content instantly.