Every developer using Claude, ChatGPT, or Codex has done this: select a bunch of files, paste them into the chat, and ask a question. It works — until two things quietly bite you.
Failure mode 1: you paste a secret
config.js, .env.local, a test fixture — it only takes one file with api_key = "sk-ant-..." in it, and now your key is sitting in a third-party prompt log. You won't get an error. You'll just have leaked a credential.
The fix is boring but essential: scan for secrets before the text ever leaves your machine. API keys have recognizable shapes — sk-ant-, sk-, AKIA..., ghp_..., -----BEGIN PRIVATE KEY-----. A pre-flight pass can mask them:
config.js → api_key = "<redacted:ANTHROPIC_KEY>"
You still send the code; you just don't send the credential.
Failure mode 2: you blow the context window
You paste 60k tokens into a 32k-context model and get a truncation, or worse, a silent drop of the earliest files. Most people find out by trial and error. But token count is knowable before you paste — you just need a per-model estimate:
~48,210 tokens (24.1% of Claude 200,000 ctx)
Now you know it fits, and you know how much room you have left for the conversation.
Doing both in one command
I got tired of eyeballing this, so I built ctxpack — a zero-dependency Node CLI that packs a repo into an LLM-ready bundle, redacts secrets by default, and budgets tokens for the model you're targeting.
npx github:trongtruong110-ux/ctxpack . --model claude-fable-5
ctxpack: 34 files packed
tokens: ~48,210 (24.1% of Claude Fable 5 200,000 ctx)
redacted: 2 secret(s)
skipped: 5 binary file(s)
It honors your .gitignore, skips binaries and build output, and can emit markdown, XML, or JSON. Presets cover Claude (Fable 5 / Opus / Sonnet), GPT-5/4.1, and Gemini 2.5 Pro.
The general lesson (even if you don't use the tool)
Whatever you use to shuttle code into an LLM, add two habits:
- Redact before you send. Treat any codebase bundle like a pastebin post — assume it could be logged.
- Count tokens before you paste. "Does it fit?" is a question you can answer up front instead of after a bad response.
ctxpack is MIT-licensed and free: https://github.com/trongtruong110-ux/ctxpack. If you try it, I'd genuinely like to know which secret patterns or model presets are missing — open an issue.
What do you currently use to pack a codebase into a prompt? Curious what workflows people have settled on.
Top comments (0)