This is a fork of sgasser/pasteguard. See the upstream repository for the original project.
AI gets the context. Not your secrets.
Automatically hides names, emails, and API keys before you send prompts to AI.
Quick Start · Chat · Coding Tools · Documentation
Detects 30+ types of sensitive data across 24 languages.
Your data never leaves your machine.
Chat — Masks PII and secrets when you paste into ChatGPT, Claude, and Gemini. You see originals, AI sees placeholders.
Apps — Open WebUI, LibreChat, or any self-hosted AI setup. Optionally routes sensitive requests to a local model.
Coding Tools — Cursor, Claude Code, Copilot, Windsurf — your codebase context flows to the provider. PasteGuard masks secrets and PII before they leave.
API Integration — Sits between your code and OpenAI or Anthropic. Change one URL, your users' data stays protected.
Run PasteGuard as a local proxy:
docker run --rm -p 3000:3000 ghcr.io/raseidl/pasteguard:enPoint your tools or app to PasteGuard instead of the provider:
| API | PasteGuard URL | Original URL |
|---|---|---|
| OpenAI | http://localhost:3000/openai/v1 |
https://api.openai.com/v1 |
| Anthropic | http://localhost:3000/anthropic |
https://api.anthropic.com |
| Copilot | http://localhost:3000/copilot |
https://api.githubcopilot.com |
# One line to protect your data
client = OpenAI(base_url="http://localhost:3000/openai/v1")Docker Compose Setup
Copy the example config and start all services:
cp config.example.yaml config.yaml
# Edit config.yaml: set your provider API keys, choose entities to detect
docker compose up -dLogs are persisted in ./data/pasteguard.db. The dashboard is at localhost:3000/dashboard.
Development (Presidio in Docker, Bun locally with hot-reload):
docker compose up presidio -d
bun install
bun run devEuropean languages:
PASTEGUARD_TAG=eu docker compose up -dCustom language set (local build):
LANGUAGES=en,de,fr docker compose up -d --buildOptional .env file for API key fallbacks (not required if your client sends the Authorization header):
OPENAI_API_KEY=sk-...
ANTHROPIC_API_KEY=sk-ant-...For full configuration reference, see config.example.yaml or the docs.
European Languages
For German, Spanish, French, Italian, Dutch, Polish, Portuguese, and Romanian:
docker run --rm -p 3000:3000 ghcr.io/raseidl/pasteguard:euFor custom config, persistent logs, or other languages: Read the docs →
Route Mode
Route Mode sends requests containing sensitive data to a local LLM (Ollama, vLLM, llama.cpp). Everything else goes to OpenAI or Anthropic. Sensitive data stays on your network.
Open-source browser extension for ChatGPT, Claude, and Gemini.
- Paste customer data → masked before it reaches the AI
- AI responds with placeholders → you see the originals
- Works with the same detection engine as the proxy
Currently in beta. Apache 2.0.
Protect your codebase context and secrets when using AI coding assistants.
Claude Code:
ANTHROPIC_BASE_URL=http://localhost:3000/anthropic claudeCursor: Settings → Models → Enable "Override OpenAI Base URL" → http://localhost:3000/openai/v1
PasteGuard intercepts GitHub Copilot requests from IDE plugins and applies the same masking pipeline as the OpenAI and Anthropic routes. Both endpoints are protected:
- Copilot Chat — conversation-style requests (
/chat/completions), same format as OpenAI Chat - Inline completions — ghost-text suggestions (
/v1/engines/:engine/completions), using the legacyprompt/suffixformat
What gets masked: hardcoded API keys, private keys, and connection strings in your code; PII (emails, names, phone numbers, etc.) in comments and string literals — before any of it leaves your machine.
Note: Inline completions (ghost text) run in mask mode only. Route mode is not supported for inline completions because local providers speak chat format, not the legacy completions format.
1. Enable Copilot in config.yaml:
providers:
copilot:
base_url: https://api.githubcopilot.com2. Point your IDE at PasteGuard:
VS Code — add to settings.json (this is an advanced/debug setting):
{
"github.copilot.advanced": {
"debug.overrideCapiUrl": "http://localhost:3000/copilot"
}
}IntelliJ / JetBrains IDEs are not currently supported. The JetBrains Copilot plugin only exposes an HTTP Proxy setting, which configures a forward proxy. PasteGuard is a reverse proxy and does not support the forward proxy protocol. VS Code is required for Copilot integration.
Authentication (GitHub OAuth tokens) is handled entirely by the IDE — no API key configuration required in PasteGuard.
Every request is logged with masking details. See what was detected, what was masked, and what reached the provider.
Metrics included:
- Total requests, masked/routed count, API requests, requests per hour
- Token usage: total tokens, input tokens, output tokens
- Cache hit rate — percentage of input tokens served from Anthropic's prompt cache (requires
cache_controlin requests) - Token anomaly alert — shown when the last-hour average exceeds 2× the 7-day rolling average
- Hover any metric title for a tooltip explanation
Personal data — Names, emails, phone numbers, credit cards, IBANs, IP addresses, locations. Powered by Microsoft Presidio. 24 languages.
Secrets — API keys (OpenAI, Anthropic, Stripe, AWS, GitHub), SSH and PEM private keys, JWT tokens, bearer tokens, passwords, connection strings.
Both detected and masked in real time, including streaming responses.
Bun · Hono · Microsoft Presidio · SQLite
This fork (raseidl/pasteguard) is based on sgasser/pasteguard v0.3.2.
See CHANGELOG.md for a detailed list of all changes per version.
git fetch upstream
git merge upstream/mainFor contributions to the core project, please submit PRs to the upstream repository. See CONTRIBUTING.md for guidelines.
For fork-specific changes, open PRs against this repository.
Apache 2.0 — Original work by Stefan Gasser.