Cửu thiên vũ đế review

Posted on • Originally published at github.com

Stop pasting your API keys into ChatGPT: a safer way to feed a codebase to an LLM

Every developer using Claude, ChatGPT, or Codex has done this: select a bunch of files, paste them into the chat, and ask a question. It works — until two things quietly bite you.

Failure mode 1: you paste a secret

config.js, .env.local, a test fixture — it only takes one file with api_key = "sk-ant-..." in it, and now your key is sitting in a third-party prompt log. You won't get an error. You'll just have leaked a credential.

The fix is boring but essential: scan for secrets before the text ever leaves your machine. API keys have recognizable shapes — sk-ant-, sk-, AKIA..., ghp_..., -----BEGIN PRIVATE KEY-----. A pre-flight pass can mask them:

config.js  api_key = "<redacted:ANTHROPIC_KEY>"

You still send the code; you just don't send the credential.
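
A minimal version of such a pre-flight pass, as an added example (not ctxpack's own code). The regular expressions approximate the key shapes listed above; the token lengths, the `redact` function and every label except `ANTHROPIC_KEY` are assumptions.

```javascript
// Added example, not ctxpack's source. Lengths and character classes are
// assumed approximations of the key shapes listed in the article.
const RULES = [
  // PEM block first, matched as one multi-line unit (BEGIN through END).
  ['PRIVATE_KEY',
    /-----BEGIN ([A-Z ]*)PRIVATE KEY-----[\s\S]*?-----END \1PRIVATE KEY-----/g],
  // sk-ant- must run before the generic sk- rule or it gets the wrong label.
  ['ANTHROPIC_KEY', /\bsk-ant-[A-Za-z0-9_-]{20,}/g],
  // Leading \b keeps ordinary words such as "risk-..." from matching.
  ['SK_PREFIXED_KEY', /\bsk-[A-Za-z0-9_-]{20,}/g],
  ['AWS_ACCESS_KEY_ID', /\bAKIA[0-9A-Z]{16}\b/g],
  ['GITHUB_TOKEN', /\bghp_[A-Za-z0-9]{36}\b/g],
];

// Returns the masked text plus a per-label count for a summary line.
function redact(text) {
  const counts = {};
  let out = text;
  for (const [label, re] of RULES) {
    out = out.replace(re, () => {
      counts[label] = (counts[label] || 0) + 1;
      return `<redacted:${label}>`;
    });
  }
  return { text: out, counts };
}

// Constructed sample input; none of these values are real credentials.
const SAMPLE = [
  `api_key = "sk-ant-${'a'.repeat(24)}"`,
  `other_key = "sk-${'b'.repeat(24)}"`,
  `aws_id = AKIA${'C'.repeat(16)}`,
  `token: ghp_${'d'.repeat(36)}`,
  '-----BEGIN RSA PRIVATE KEY-----\nMIIB(constructed)\n-----END RSA PRIVATE KEY-----',
  'const task = "risk-assessment-for-the-whole-team"; // not a key',
].join('\n');

const result = redact(SAMPLE);
console.log(result.text);
console.log(result.counts);
```

Prefix rules only catch credentials with a known shape; passwords and custom tokens with no fixed prefix pass through untouched, so a clean scan is not proof that a bundle is free of secrets.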

Failure mode 2: you blow the context window

You paste 60k tokens into a 32k-context model and get a truncation, or worse, a silent drop of the earliest files. Most people find out by trial and error. But token count is knowable before you paste — you just need a per-model estimate:

~48,210 tokens  (24.1% of Claude 200,000 ctx)

Now you know it fits, and you know how much room you have left for the conversation.

Doing both in one command

I got tired of eyeballing this, so I built ctxpack — a zero-dependency Node CLI that packs a repo into an LLM-ready bundle, redacts secrets by default, and budgets tokens for the model you're targeting.

npx github:trongtruong110-ux/ctxpack . --model claude-fable-5
ctxpack: 34 files packed
  tokens: ~48,210  (24.1% of Claude Fable 5 200,000 ctx)
  redacted: 2 secret(s)
  skipped: 5 binary file(s)

It honors your .gitignore, skips binaries and build output, and can emit markdown, XML, or JSON. Presets cover Claude (Fable 5 / Opus / Sonnet), GPT-5/4.1, and Gemini 2.5 Pro.

The general lesson (even if you don't use the tool)

Whatever you use to shuttle code into an LLM, add two habits:

  1. Redact before you send. Treat any codebase bundle like a pastebin post — assume it could be logged.
  2. Count tokens before you paste. "Does it fit?" is a question you can answer up front instead of after a bad response.

ctxpack is MIT-licensed and free: https://github.com/trongtruong110-ux/ctxpack. If you try it, I'd genuinely like to know which secret patterns or model presets are missing — open an issue.


What do you currently use to pack a codebase into a prompt? Curious what workflows people have settled on.