README.md
June 29, 2026
AI gets the context. Not your private data.
PasteGuard masks PII and secrets before they reach ChatGPT, Claude, Gemini, your API provider, Codex, or Claude Code.
You keep the originals. Providers see placeholders.
Run it locally or self-host it in your own infrastructure.
What PasteGuard Protects
PasteGuard is a local-first privacy layer for teams that cannot send raw client data, customer records, logs, credentials, or production details directly to model providers.
It works in three places:
Browser Chat
ChatGPT, Claude, and Gemini. Paste customer notes, contracts, support tickets, candidate details, or internal context without sending the raw private values to the chat provider. You see the originals; the AI sees placeholders.
The experimental browser extension is available for ChatGPT, Claude, and Gemini.
Apps & APIs
Apps, SDKs, and internal AI products. Point your application to PasteGuard instead of the provider directly.
Change one base URL. PasteGuard masks the request, forwards it to the configured provider, and restores supported placeholders in the response.
Coding Agents
Codex, Claude Code, Cursor, Windsurf, Copilot, and other coding agents. Agent prompts often include logs, stack traces, tickets, config files, test fixtures, and codebase context. PasteGuard masks secrets and PII before that context leaves your machine.
Built For Strict Privacy Rules
PasteGuard is a privacy control point before AI providers. It can support regulated workflows, but it does not replace your legal, security, or compliance program.
Use it when your current options are:
- Do not use cloud AI for sensitive work
- Redact client or production data manually
- Switch to a local model even when a cloud provider would give better results
- Build one-off masking code inside every app
Quick Start
Run PasteGuard as a local proxy:
```bash
docker run --rm -p 3000:3000 ghcr.io/sgasser/pasteguard:latest
```
Open localhost:3000 for the dashboard.
Point your app or agent to PasteGuard instead of the provider:
| Target | PasteGuard URL | Original URL |
|---|---|---|
| OpenAI | http://localhost:3000/openai/v1 | https://api.openai.com/v1 |
| Anthropic | http://localhost:3000/anthropic | https://api.anthropic.com |
| Codex CLI | http://localhost:3000/codex | https://chatgpt.com/backend-api/codex |
```python
from openai import OpenAI
client = OpenAI(base_url="http://localhost:3000/openai/v1")
```
For custom config, persistent logs, Docker Compose, or detector settings: Read the docs.
Privacy Modes
Mask Mode
Mask Mode replaces PII and secrets with placeholders before sending the request to the upstream AI provider. Supported responses are restored before they return to the user.
Route Mode
Route Mode sends requests containing sensitive data to a local LLM such as Ollama, vLLM, or llama.cpp. Requests without sensitive data can still go to the configured cloud provider.
What It Catches
Personal data: Names, locations, emails, phone numbers, credit cards, IBANs, IP addresses, and EU VAT numbers. Detection is multilingual.
Secrets: API keys for providers such as OpenAI, Anthropic, Stripe, AWS, and GitHub; SSH and PEM private keys; JWT tokens; bearer tokens; passwords; and connection strings.
Both are detected and masked in real time, including streaming responses.
Dashboard
Every request is logged with masking details. See what was detected, what was masked, and what reached the provider.
How Detection Works
Detection runs as a separate service that PasteGuard calls over HTTP, so you can run it wherever you like. It combines deterministic checks and checksums for structured values with a small AI model (GLiNER) for names and places.
Code, Docker image, and tests are in detector/.
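The checksum idea described above, combined with the mask-and-restore round trip from Mask Mode, as an added example that is not PasteGuard's own code. It uses only the Python standard library, and the `[[LABEL_n]]` placeholder format, the function names, and the sample text are assumptions made for illustration.

```python
import re

def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                       # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def iban_ok(iban: str) -> bool:
    """ISO 13616 mod-97 check: move the first 4 chars to the end, letters become 10..35."""
    s = iban[4:] + iban[:4]
    return int("".join(str(int(c, 36)) for c in s)) % 97 == 1

# Candidate patterns are deliberately loose; the checksum decides what is sensitive.
CANDIDATES = [
    ("CARD", re.compile(r"\b\d{13,19}\b"), luhn_ok),
    ("IBAN", re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b"), iban_ok),
]

def mask(text: str):
    """Return (masked_text, mapping). The placeholder format is hypothetical."""
    mapping = {}   # placeholder -> original, never leaves the local side
    seen = {}      # original -> placeholder, so a repeated value maps consistently
    for label, pattern, check in CANDIDATES:
        def repl(m, label=label, check=check):
            value = m.group(0)
            if not check(value):
                return value                 # fails the checksum: leave it in place
            if value not in seen:
                seen[value] = f"[[{label}_{len(seen) + 1}]]"
                mapping[seen[value]] = value
            return seen[value]
        text = pattern.sub(repl, text)
    return text, mapping

def restore(text: str, mapping: dict) -> str:
    """Put originals back into a provider response that echoes placeholders."""
    for placeholder, value in mapping.items():
        text = text.replace(placeholder, value)
    return text

# Constructed sample: a test card number, a test IBAN, and an order id that fails Luhn.
SAMPLE = "Refund card 4111111111111111 to IBAN GB82WEST12345698765432, order 1234567890123456."
```

The order id has the same shape as a card number but fails the Luhn check, so it is forwarded unchanged; this is what lets checksum-backed detection keep false positives low on logs and tickets full of long numeric ids.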
Tech Stack
Bun · Hono · GLiNER + python-stdnum (detector/) · SQLite or Postgres
Contributing
See CONTRIBUTING.md for guidelines on how to contribute.