DEV Community

Sberlerch
Sberlerch

Posted on

Why I built Contextia: stopping secrets before they reach AI chats

I almost pasted a production .env into ChatGPT. Twice. That's the whole origin story.

We paste code, logs and configs into AI chats all day, and those blobs are full of
live API keys, tokens, private keys and connection strings. Existing tools —
gitleaks, trufflehog — are great, but they scan repositories and CI pipelines.
None of them sit at the exact moment the leak happens: the chat composer.

So I built Contextia: a local, on-device guard that flags secrets before they
leave your machine.

The design constraints I refused to bend

  • Zero network requests. No accounts, no servers, no telemetry. There's a unit test that scans the source and fails the build if any fetch/XHR/WebSocket appears. For a privacy tool, "trust me" isn't enough — it has to be structurally impossible.
  • The log never stores the secret. A detection record is { timestamp, site, type, severity, action } — never the matched value.
  • One deterministic, DOM-free engine. detect(text) -> Finding[] is a pure function with no browser or network dependency, so every surface reuses the same logic and it's trivial to test.

One engine, four surfaces

  • Browser extension — scans the composer on ChatGPT, Claude, Gemini, Copilot, Perplexity, DeepSeek. Modes: warn, auto-redact, block.
  • Terminal AI-DLP proxycontextia run -- <your agent> wraps a CLI agent and redacts or blocks secrets in requests to Anthropic/OpenAI before they leave. It can even do reversible tokenization: the model gets a placeholder, and the real value is restored in the response.
  • Claude Code plugin — blocks a prompt that contains a secret.
  • The engine — an MIT npm package you can drop into your own tools.

Coverage

58 detectors today (AWS, GitHub, Stripe, OpenAI, Figma, Atlassian, Tailscale, PEM
keys, .env, DB strings, JWTs, credit cards, IBANs…), each guarded by an automatic
false-positive gate: a new rule can't ship unless its fixtures hold. You can also add
your own values and regex patterns to always redact.

Try it


bash
npx @sbr0nch/contextia scan .env
contextia run -- claude   # guard your agent with one command
Enter fullscreen mode Exit fullscreen mode

Top comments (0)