Model-agnostic PII firewall for LLM apps: scan/redact/rescan/verify SDK + a local Claude Code redaction proxy (`shutapp claude`).
Project description
shutapp — the model-agnostic PII firewall
Three lines. Any LLM.
from shutapp import Shutapp
g = Shutapp(api_key="shu_live_...")
safe, session = g.scan("My email is john@acme.com")
# ...send `safe` to any LLM using your own provider key...
final = g.unscan(response_text, session)
Or the 2-line auto-wrap for OpenAI / Anthropic:
from openai import OpenAI
from shutapp import guard
client = guard(OpenAI()) # every .chat.completions.create call is now protected
from anthropic import Anthropic
from shutapp import guard
client = guard(Anthropic()) # every .messages.create call is now protected
Run Claude Code privately — shutapp claude
The same package ships a local CLI that wraps Claude Code so secrets are redacted before they ever reach Anthropic:
pip install shutapp
shutapp claude # launches Claude Code through a local redaction proxy
shutapp claude starts a localhost proxy and runs the real claude through it,
so API keys and other secrets are swapped for reversible placeholders on the way
out and restored locally — Anthropic only ever sees redacted text. It works with
both API-key and Claude Max/Pro subscription logins: on a subscription it
auto-bridges your OAuth through the proxy (your credentials never leave your
machine except to Anthropic, exactly as Claude Code already sends them).
Requires Claude Code's claude on your PATH.
Local chat history is redacted too
The model never receives a raw secret: the proxy re-redacts the entire
conversation (including replayed history) on every API call. But Claude Code
also writes your raw typed prompt to its own local transcript files
(~/.claude/projects/.../*.jsonl) for --resume. shutapp claude runs a
real-time history redactor that rewrites those secrets to the same placeholder
the model saw, and does a guaranteed final pass when Claude exits. Opt out with
shutapp claude --no-history-scrub (the model stays protected either way).
Already have older transcripts with secrets in them? Clean them up:
shutapp history scrub --dry-run # report only
shutapp history scrub # redact transcripts from the last 7 days
shutapp history scrub --all # redact every transcript
shutapp status # version, vault dir, detector count
shutapp session list # value-free session stats
shutapp detectors list # the bundled detector registry
shutapp verify rcpt.json # offline receipt verification
What it does
- Sends your prompt text to the Shutapp API, which replaces PII with reversible
placeholders like
[EMAIL_ADDRESS_1],[PHONE_NUMBER_1],[API_KEY_1]. - You send the redacted text to any LLM using your own key. Shutapp never sees your LLM key and never sees the response.
- You call
unscan(...)to restore the original values in the LLM's response.
After every scan Shutapp prints a one-line receipt to your terminal:
[shutapp] scan ok · 12ms · EMAIL_ADDRESS x1, PHONE_NUMBER x1 · rcpt_8f3a2b
Install (from PyPI, later)
pip install shutapp
Install (from this monorepo, right now)
pip install -e ./packages/sdk-python
Config
Shutapp(api_key, base_url, receipts, receipt_format, timeout)
receipts:"stderr"(default),"stdout","silent", or a callablefn(receipt_dict)for custom logging.receipt_format:"line"or"block".base_url: override for self-hosted Shutapp (e.g.http://localhost:8080).
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file shutapp-2.4.0.tar.gz.
File metadata
- Download URL: shutapp-2.4.0.tar.gz
- Upload date:
- Size: 268.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
13020037f0fbef3652679de9a86acd971f9b7ae660762889b1c79ff864c64a73
|
|
| MD5 |
0d69ca9f04b5c531f2b3f75cbd851061
|
|
| BLAKE2b-256 |
ea9b747aee8923c0db057de37280d9dfa0bbd6d9868a59f4a244d7f8957d2952
|
Provenance
The following attestation bundles were made for shutapp-2.4.0.tar.gz:
Publisher:
release.yml on Itaib24/Guardom
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
shutapp-2.4.0.tar.gz -
Subject digest:
13020037f0fbef3652679de9a86acd971f9b7ae660762889b1c79ff864c64a73 - Sigstore transparency entry: 1789369497
- Sigstore integration time:
-
Permalink:
Itaib24/Guardom@885fbee1052686a3da2bf0074015f76ac8af0a46 -
Branch / Tag:
refs/tags/v2.4.0 - Owner: https://github.com/Itaib24
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@885fbee1052686a3da2bf0074015f76ac8af0a46 -
Trigger Event:
push
-
Statement type:
File details
Details for the file shutapp-2.4.0-py3-none-any.whl.
File metadata
- Download URL: shutapp-2.4.0-py3-none-any.whl
- Upload date:
- Size: 260.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
1db6b65ad0ec8489ce64c7fab50ee4c2fdf73a3303e42ac228ca7c403953fc35
|
|
| MD5 |
76f5802c13ea87a46ebab85817bb84df
|
|
| BLAKE2b-256 |
d134fd41276947bc15c25a29a6642a7ecc018293dd6afacc95f9b931815b775a
|
Provenance
The following attestation bundles were made for shutapp-2.4.0-py3-none-any.whl:
Publisher:
release.yml on Itaib24/Guardom
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
shutapp-2.4.0-py3-none-any.whl -
Subject digest:
1db6b65ad0ec8489ce64c7fab50ee4c2fdf73a3303e42ac228ca7c403953fc35 - Sigstore transparency entry: 1789369513
- Sigstore integration time:
-
Permalink:
Itaib24/Guardom@885fbee1052686a3da2bf0074015f76ac8af0a46 -
Branch / Tag:
refs/tags/v2.4.0 - Owner: https://github.com/Itaib24
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@885fbee1052686a3da2bf0074015f76ac8af0a46 -
Trigger Event:
push
-
Statement type: