Skip to main content

Model-agnostic PII firewall for LLM apps: scan/redact/rescan/verify SDK + a local Claude Code redaction proxy (`shutapp claude`).

Project description

shutapp — the model-agnostic PII firewall

Three lines. Any LLM.

from shutapp import Shutapp

g = Shutapp(api_key="shu_live_...")
safe, session = g.scan("My email is john@acme.com")

# ...send `safe` to any LLM using your own provider key...

final = g.unscan(response_text, session)

Or the 2-line auto-wrap for OpenAI / Anthropic:

from openai import OpenAI
from shutapp import guard
client = guard(OpenAI())          # every .chat.completions.create call is now protected
from anthropic import Anthropic
from shutapp import guard
client = guard(Anthropic())       # every .messages.create call is now protected

Run Claude Code privately — shutapp claude

The same package ships a local CLI that wraps Claude Code so secrets are redacted before they ever reach Anthropic:

pip install shutapp
shutapp claude            # launches Claude Code through a local redaction proxy

shutapp claude starts a localhost proxy and runs the real claude through it, so API keys and other secrets are swapped for reversible placeholders on the way out and restored locally — Anthropic only ever sees redacted text. It works with both API-key and Claude Max/Pro subscription logins: on a subscription it auto-bridges your OAuth through the proxy (your credentials never leave your machine except to Anthropic, exactly as Claude Code already sends them). Requires Claude Code's claude on your PATH.

Local chat history is redacted too

The model never receives a raw secret: the proxy re-redacts the entire conversation (including replayed history) on every API call. But Claude Code also writes your raw typed prompt to its own local transcript files (~/.claude/projects/.../*.jsonl) for --resume. shutapp claude runs a real-time history redactor that rewrites those secrets to the same placeholder the model saw, and does a guaranteed final pass when Claude exits. Opt out with shutapp claude --no-history-scrub (the model stays protected either way).

Already have older transcripts with secrets in them? Clean them up:

shutapp history scrub --dry-run   # report only
shutapp history scrub             # redact transcripts from the last 7 days
shutapp history scrub --all       # redact every transcript
shutapp status            # version, vault dir, detector count
shutapp session list      # value-free session stats
shutapp detectors list    # the bundled detector registry
shutapp verify rcpt.json  # offline receipt verification

What it does

  1. Sends your prompt text to the Shutapp API, which replaces PII with reversible placeholders like [EMAIL_ADDRESS_1], [PHONE_NUMBER_1], [API_KEY_1].
  2. You send the redacted text to any LLM using your own key. Shutapp never sees your LLM key and never sees the response.
  3. You call unscan(...) to restore the original values in the LLM's response.

After every scan Shutapp prints a one-line receipt to your terminal:

[shutapp] scan ok · 12ms · EMAIL_ADDRESS x1, PHONE_NUMBER x1 · rcpt_8f3a2b

Install (from PyPI, later)

pip install shutapp

Install (from this monorepo, right now)

pip install -e ./packages/sdk-python

Config

Shutapp(api_key, base_url, receipts, receipt_format, timeout)

  • receipts: "stderr" (default), "stdout", "silent", or a callable fn(receipt_dict) for custom logging.
  • receipt_format: "line" or "block".
  • base_url: override for self-hosted Shutapp (e.g. http://localhost:8080).

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

shutapp-2.2.1.tar.gz (98.3 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

shutapp-2.2.1-py3-none-any.whl (109.2 kB view details)

Uploaded Python 3

File details

Details for the file shutapp-2.2.1.tar.gz.

File metadata

  • Download URL: shutapp-2.2.1.tar.gz
  • Upload date:
  • Size: 98.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for shutapp-2.2.1.tar.gz
Algorithm Hash digest
SHA256 8c0eb708f6e02e06ffa6133a2648751367ac221cc4a7005439b5e4864c33c4ee
MD5 e01f61c3a4f0c75dbcba664f72f6c08b
BLAKE2b-256 5075ff0cbc7edce536bb3f6d27b7687575595f8a11cf9a4e965f0992d99697fb

See more details on using hashes here.

Provenance

The following attestation bundles were made for shutapp-2.2.1.tar.gz:

Publisher: release.yml on Itaib24/Guardom

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file shutapp-2.2.1-py3-none-any.whl.

File metadata

  • Download URL: shutapp-2.2.1-py3-none-any.whl
  • Upload date:
  • Size: 109.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for shutapp-2.2.1-py3-none-any.whl
Algorithm Hash digest
SHA256 357798471b5d3612a4b1ca07bea022e102479f59d607bca5523098dab4ae5392
MD5 9f76ceeb597c77755cd49f16bd21d498
BLAKE2b-256 ccb9fe9efb800d26c4ecf62b6ce5162a24e4e1f5f64e7b52dff515d788c34480

See more details on using hashes here.

Provenance

The following attestation bundles were made for shutapp-2.2.1-py3-none-any.whl:

Publisher: release.yml on Itaib24/Guardom

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page