AI Prompt Secret Scanner — local proxy that blocks secrets before they reach AI APIs

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for jricramc from gravatar.com jricramc

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: Jose Ramos
  • Tags security , secrets , ai , proxy , scanner , cli , dlp
  • Requires: Python >=3.11
Classifiers
Report project as malware

Project description

aigate

Local secret scanner that intercepts AI API calls and prevents credentials from leaking to LLMs.

Install

git clone https://github.com/jricramc/aigate.git
cd aigate
pip install -e .

Requires Python 3.11+ and jq.

Quick start

Claude Code (hooks — no proxy needed)

aigate install-hook

All prompts and tool calls are scanned automatically. Secrets are blocked before Claude sees them.

Any AI tool (proxy mode)

Terminal 1 — proxy:

aigate setup                         # one-time: installs CA cert (needs sudo)
aigate start --mode redact           # start the proxy

Terminal 2 — your AI tool:

source ~/.bashrc                     # load cert env vars (or open a new terminal)
export HTTPS_PROXY=http://127.0.0.1:8080
export HTTP_PROXY=http://127.0.0.1:8080
claude                               # or any other AI tool

aigate setup installs the mitmproxy CA cert into the system trust store and adds NODE_EXTRA_CA_CERTS to ~/.bashrc so Claude Code / Node.js trusts the proxy.

Scan a file directly

aigate scan .env
cat prompt.txt | aigate scan -

Modes

aigate start --mode block    # reject requests containing secrets (default)
aigate start --mode redact   # replace secrets with env var placeholders
aigate start --mode warn     # forward but log a warning
aigate start --mode audit    # forward silently, log only

Redact mode

Instead of blocking, redact mode rewrites the request before it reaches the AI:

  1. Detects secrets in your prompt (AWS keys, API tokens, database URLs, private keys, etc.)
  2. Replaces them with placeholders like [REDACTED_ANTHROPIC_API_KEY]
  3. Saves the real credentials to a local .env file
  4. Injects a system instruction telling the AI to use os.environ[] and load from .env
  5. Forwards the sanitized request — the AI never sees the real credentials

The AI acknowledges the redaction, then writes secure code using environment variables automatically. Token prefixes are mapped to conventional env var names:

Token Env var
sk-ant-* ANTHROPIC_API_KEY
sk-*, sk-proj-* OPENAI_API_KEY
ghp_*, github_pat_* GITHUB_TOKEN
glpat-* GITLAB_TOKEN
xoxb-* SLACK_BOT_TOKEN
SG.* SENDGRID_API_KEY
AKIA* AWS_ACCESS_KEY_ID

Detection rules

  • AWS keysAKIA access key IDs
  • API tokens — OpenAI, Anthropic, GitHub, GitLab, Slack, SendGrid, Square
  • Database URLs — postgres, mysql, mongodb, redis, amqp, mssql with credentials
  • Private keys — RSA, EC, DSA, OPENSSH, PGP
  • Environment filesSECRET_KEY=value, DATABASE_URL=value, etc.
  • GCP service accounts — JSON with type: service_account and private_key
  • Tailscale keystskey-auth-*, tskey-api-*
  • High-entropy secrets — password/token/secret fields with entropy > 3.5 bits

Logs

aigate logs          # last 20 entries
aigate logs -n 50    # last 50 entries
aigate logs -f       # live tail

Log file: ~/.aigate/scan.log

Docker

docker build -t aigate .
docker run --rm --entrypoint bash -it aigate
# inside the container, everything is pre-configured:
aigate start --mode redact &
curl -x http://127.0.0.1:8080 ...

Uninstall

aigate uninstall-hook   # remove Claude Code hooks

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for jricramc from gravatar.com jricramc

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: Jose Ramos
  • Tags security , secrets , ai , proxy , scanner , cli , dlp
  • Requires: Python >=3.11
Classifiers

Release history Release notifications | RSS feed

0.3.1

0.3.0

0.2.2

0.2.1

0.2.0

0.1.2

This version

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

aigate-0.1.1.tar.gz (25.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

aigate-0.1.1-py3-none-any.whl (18.2 kB view details)

Uploaded Python 3

File details

Details for the file aigate-0.1.1.tar.gz.

File metadata

  • Download URL: aigate-0.1.1.tar.gz
  • Upload date:
  • Size: 25.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.2

File hashes

Hashes for aigate-0.1.1.tar.gz
Algorithm Hash digest
SHA256 607eee73569d61d3c9b7466dee4f6d2d5e5b93768839eb6e107f5f6fb43d4197
MD5 e8d71074929c422852b3192d9ddc08ae
BLAKE2b-256 edc1b9d0a966a2730d22e8f329018f14e5a73899b8adc974f49d5664344a7f63

See more details on using hashes here.

File details

Details for the file aigate-0.1.1-py3-none-any.whl.

File metadata

  • Download URL: aigate-0.1.1-py3-none-any.whl
  • Upload date:
  • Size: 18.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.2

File hashes

Hashes for aigate-0.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 5c8e26f41ddfca4757b2cbf6274412088632c2626c17e5e095b576f9e6df6ba7
MD5 b3ea4fde175431931bac78a2cc51db09
BLAKE2b-256 bdcfae1986b2a5d525563fd2148893f09110cef17660430097a67a04544bca01

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page