AI Prompt Secret Scanner — local proxy that blocks secrets before they reach AI APIs

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for jricramc from gravatar.com jricramc

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: Jose Ramos
  • Tags security , secrets , ai , proxy , scanner , cli , dlp
  • Requires: Python >=3.11
Classifiers
Report project as malware

Project description

aigate

Local secret scanner that intercepts AI API calls and prevents credentials from leaking to LLMs.

Install

git clone https://github.com/jricramc/aigate.git
cd aigate
pip install -e .

Requires Python 3.11+ and jq.

Quick start

Claude Code (hooks — no proxy needed)

aigate install-hook

All prompts and tool calls are scanned automatically. Secrets are blocked before Claude sees them.

Any AI tool (proxy mode)

Terminal 1 — proxy:

aigate setup                         # one-time: installs CA cert (needs sudo)
aigate start --mode redact           # start the proxy

Terminal 2 — your AI tool:

source ~/.bashrc                     # load cert env vars (or open a new terminal)
export HTTPS_PROXY=http://127.0.0.1:8080
export HTTP_PROXY=http://127.0.0.1:8080
claude                               # or any other AI tool

aigate setup installs the mitmproxy CA cert into the system trust store and adds NODE_EXTRA_CA_CERTS to ~/.bashrc so Claude Code / Node.js trusts the proxy.

Scan a file directly

aigate scan .env
cat prompt.txt | aigate scan -

Modes

aigate start --mode block    # reject requests containing secrets (default)
aigate start --mode redact   # replace secrets with env var placeholders
aigate start --mode warn     # forward but log a warning
aigate start --mode audit    # forward silently, log only

Redact mode

Instead of blocking, redact mode rewrites the request before it reaches the AI:

  1. Detects secrets in your prompt (AWS keys, API tokens, database URLs, private keys, etc.)
  2. Replaces them with placeholders like [REDACTED_ANTHROPIC_API_KEY]
  3. Saves the real credentials to a local .env file
  4. Injects a system instruction telling the AI to use os.environ[] and load from .env
  5. Forwards the sanitized request — the AI never sees the real credentials

The AI acknowledges the redaction, then writes secure code using environment variables automatically. Token prefixes are mapped to conventional env var names:

Token Env var
sk-ant-* ANTHROPIC_API_KEY
sk-*, sk-proj-* OPENAI_API_KEY
ghp_*, github_pat_* GITHUB_TOKEN
glpat-* GITLAB_TOKEN
xoxb-* SLACK_BOT_TOKEN
SG.* SENDGRID_API_KEY
AKIA* AWS_ACCESS_KEY_ID

Detection rules

  • AWS keysAKIA access key IDs
  • API tokens — OpenAI, Anthropic, GitHub, GitLab, Slack, SendGrid, Square
  • Database URLs — postgres, mysql, mongodb, redis, amqp, mssql with credentials
  • Private keys — RSA, EC, DSA, OPENSSH, PGP
  • Environment filesSECRET_KEY=value, DATABASE_URL=value, etc.
  • GCP service accounts — JSON with type: service_account and private_key
  • Tailscale keystskey-auth-*, tskey-api-*
  • High-entropy secrets — password/token/secret fields with entropy > 3.5 bits

Logs

aigate logs          # last 20 entries
aigate logs -n 50    # last 50 entries
aigate logs -f       # live tail

Log file: ~/.aigate/scan.log

Docker

docker build -t aigate .
docker run --rm --entrypoint bash -it aigate
# inside the container, everything is pre-configured:
aigate start --mode redact &
curl -x http://127.0.0.1:8080 ...

Uninstall

aigate uninstall-hook   # remove Claude Code hooks

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for jricramc from gravatar.com jricramc

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: Jose Ramos
  • Tags security , secrets , ai , proxy , scanner , cli , dlp
  • Requires: Python >=3.11
Classifiers

Release history Release notifications | RSS feed

0.3.1

0.3.0

0.2.2

0.2.1

0.2.0

This version

0.1.2

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

aigate-0.1.2.tar.gz (26.0 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

aigate-0.1.2-py3-none-any.whl (18.3 kB view details)

Uploaded Python 3

File details

Details for the file aigate-0.1.2.tar.gz.

File metadata

  • Download URL: aigate-0.1.2.tar.gz
  • Upload date:
  • Size: 26.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.2

File hashes

Hashes for aigate-0.1.2.tar.gz
Algorithm Hash digest
SHA256 d2f823d712ee26d14a411075d110543673a209674ce5dc779477f931e631a567
MD5 c00c30a775fd380b9d90fc9484fe962d
BLAKE2b-256 cebd65e8a15d1f2e94a2b3ef41d62c9044715088a9498c0c61d75116683bcab4

See more details on using hashes here.

File details

Details for the file aigate-0.1.2-py3-none-any.whl.

File metadata

  • Download URL: aigate-0.1.2-py3-none-any.whl
  • Upload date:
  • Size: 18.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.2

File hashes

Hashes for aigate-0.1.2-py3-none-any.whl
Algorithm Hash digest
SHA256 2d544e498ad7b27e88250b2cdc020c4d898027d2229e4c7dbea6d354507d5b4c
MD5 7cc4eb1ac66791d18ee2f08f35912cd7
BLAKE2b-256 3f6cc04be211e862c7cf3c1773e0773bd65bdc0625a90dbc93345e6a0ce2d18f

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page