bugsafe creates safe-to-share crash bundles with automatic secret redaction.
bugsafe run -- <command>— Capture crash with redactionbugsafe run -t 60 -- <command>— With custom timeoutbugsafe render <bundle>— Render to markdownbugsafe render <bundle> --llm— Render for LLM contextbugsafe render <bundle> -f json— Render as JSONbugsafe scan <files>— Scan for secrets (exit 4 if found)bugsafe scan -v <files>— Verbose mode (show skipped files)bugsafe audit <bundle>— Verify redactionbugsafe inspect <bundle>— View bundle metadatabugsafe config --show— Show current configurationbugsafe mcp— Start MCP server
0— Success1— General error2— Bundle not found3— Validation failed4— Secrets found (scan/audit)
BUGSAFE_TIMEOUT— Override default timeout (seconds)BUGSAFE_FORMAT— Override output format (md/json)
Config file: ~/.config/bugsafe/config.toml
[defaults]
timeout = 300
max_output_size = 1048576
[output]
default_format = "md"uv run pytest tests/ -v— Run testsuv run ruff check src/— Lintuv run mypy src/bugsafe/— Type check
When MCP server is running, these tools are available:
scan_secrets— Scan text for secretscapture_crash— Run command and capture outputrender_bundle— Render bundle to readable formataudit_bundle— Verify redaction completenesscreate_bundle— Create a full bundle file
Claude Desktop / Cursor / Windsurf:
{"mcpServers": {"bugsafe": {"command": "uvx", "args": ["bugsafe", "mcp"]}}}Secrets are replaced with tokens: <API_KEY_1>, <TOKEN_2>, etc.
Same secret = same token (correlation preserved).
- Python 3.10+ with type hints
- Follow SOLID principles
- No legacy/backwards compatibility code
- DRY while maintaining readability
src/bugsafe/capture/— Command executionsrc/bugsafe/redact/— Secret detectionsrc/bugsafe/bundle/— Bundle formatsrc/bugsafe/render/— Output renderingsrc/bugsafe/mcp/— MCP server