Shipped · Open source · 100% local

Secrets stop before they reach the AI.

VaultBix is two developer security tools — a Chrome extension and a terminal wrapper — that catch API keys, passwords, and PII the instant before they leave your browser or your shell. Detection runs on your machine. Nothing is uploaded.

Built by Carl Gao & Max · 2026

vaultbix · session manifest / index · 2 entries
  • 01 chrome extension · v5.2.2
  • 02 cli wrapper (new) · v1.2.6
  • detection · 45 patterns
  • processing · 100% local
  • license · MIT
  • egress · 0 bytes
§01 / Shipped

Two products. Same job, two surfaces.

One guards the browser. One guards the terminal. Both detect secrets the moment before they leave the machine, and both are open source.

§01 / browser · v5.2.2 · stable

Chrome Extension

ChatGPT · Claude · Cursor · Copilot · Gemini

A Manifest V3 extension that watches the prompt box. The instant you paste or type an API key, password, or piece of PII into an AI tool, VaultBix flags it and holds the submission. Forty-five detection patterns combine regex matching with Shannon-entropy analysis, and every check runs in the page: the extension requests no network permission, so nothing is ever sent to a server.

Blocked before send
  pattern · AWS Access Key
  AKIA••••••••••••XMPL
  [ remove ] [ override ]
45 patterns · 100% local · MV3 architecture · MIT open source
§02 / terminal · v1.2.6 · latest · new

CLI Wrapper

wraps claude code · per-keystroke capture, per-line scanning

The newer half of VaultBix. It spawns Claude Code inside a real PTY, so the full TUI behaves exactly as normal — arrows, history, paste, resize. Every line you type is scanned before it reaches the model; if a secret appears, VaultBix clears the input and tells you what it caught. Pair it with the env-var workflow and the value never enters the conversation at all.

~/project
$ npm i -g vaultbix-cli
$ vaultbix
● wrapping claude code…
⚠ blocked · openai api key
PTY · real terminal · 19 detectors · env var workflow · npm · global install
§02 / Architecture

The interception happens locally.

Both tools sit between you and the model and inspect text on the way out. The check runs on your machine; only input that scans clean, or that you explicitly override after seeing the match, is forwarded. Nothing is uploaded for scanning.

Lane A · browser · content script · regex + entropy
  • input · paste / type into the prompt box
  • scan · content script · 45 patterns · in-page
  • gate · decision · block · redact · warn
  • clean → ChatGPT / Claude · secret → blocked

on detect · submission is held, the match is shown with a redacted preview, and you choose to remove or override before anything is sent.
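The extension description in §01 and Lane A above come down to the same two steps: a regex says a string has the shape of a secret, Shannon entropy says whether it has the randomness of one, and a capture-phase listener holds the submission until the user removes the match or overrides. The block below is an added example of that pipeline, not VaultBix's extension code. The three detectors (not forty-five), the entropy floors, the 4-plus-4 redaction format, and the `attachGuard` / `getText` / `onBlock` names are assumptions; the AWS key-id shape is the one AWS documents, and the sample strings are constructed. It generalises the page's single AWS-key case to any regex-plus-entropy detector and shows why the entropy floor matters: a placeholder with the right shape is not flagged.

```javascript
// Added example in the spirit of VaultBix's content-script check; not VaultBix's own code.
// Patterns, entropy floors, the preview format and the attachGuard API are assumptions.

// Shannon entropy of a string in bits per character (0 for a constant string, log2(n) for n distinct chars).
function shannonEntropy(s) {
  const counts = new Map();
  for (const ch of s) counts.set(ch, (counts.get(ch) || 0) + 1);
  let h = 0;
  for (const n of counts.values()) {
    const p = n / s.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// A detector pairs a regex (the shape of a secret) with an optional entropy floor
// (its randomness). The floor is what rejects a placeholder that has the right shape.
const DETECTORS = [
  // AWS access key id: 'AKIA' followed by 16 uppercase alphanumerics (format documented by AWS).
  { name: 'AWS Access Key', re: /\bAKIA[0-9A-Z]{16}\b/g, minEntropy: 3.0 },
  // Long opaque token. The regex alone would flag every hex digest and UUID-like id, so the
  // entropy floor does the real work: hex never exceeds 4 bits/char, random base64 usually does.
  { name: 'High-entropy token', re: /\b[A-Za-z0-9_-]{32,}\b/g, minEntropy: 4.5 },
  // Email address (PII): structure is the whole signal, so no entropy floor.
  { name: 'Email address', re: /\b[\w.+-]+@[\w-]+\.[\w.-]+\b/g },
];

// Preview for the warning UI: 4 characters at each end, the rest masked, so the full value is never rendered.
function redact(s) {
  if (s.length <= 8) return '•'.repeat(s.length);
  return s.slice(0, 4) + '•'.repeat(s.length - 8) + s.slice(-4);
}

// Run every detector over the text; keep a match only if it clears its detector's entropy floor.
function scan(text) {
  const findings = [];
  for (const d of DETECTORS) {
    for (const m of text.matchAll(d.re)) {
      const h = shannonEntropy(m[0]);
      if (d.minEntropy !== undefined && h < d.minEntropy) continue;
      findings.push({ pattern: d.name, preview: redact(m[0]), entropy: Number(h.toFixed(2)) });
    }
  }
  return findings;
}

// Gate decision. `override` is the user's explicit choice, made after seeing the previews.
function decide(text, { override = false } = {}) {
  const findings = scan(text);
  if (findings.length === 0) return { action: 'forward', findings };
  return { action: override ? 'forward' : 'block', findings };
}

// Browser wiring. Listening in the capture phase (third argument `true`) runs the gate before
// the site's own Enter/submit handlers; cancelling the event is what "holds the submission".
// `getText` reads the prompt box, `onBlock` renders the findings plus remove/override controls.
function attachGuard(target, getText, onBlock) {
  const state = { override: false };
  const check = (ev) => {
    const d = decide(getText(), state);
    if (d.action === 'forward') { state.override = false; return; } // an override is good for one send only
    ev.preventDefault();
    ev.stopImmediatePropagation();
    onBlock(d.findings, () => { state.override = true; });
  };
  target.addEventListener('keydown', (ev) => { if (ev.key === 'Enter' && !ev.shiftKey) check(ev); }, true);
  target.addEventListener('submit', check, true);
  return state;
}
```

Two design points worth keeping when adapting this: the override is consumed by the next successful send rather than sticking, so a later paste of a different key is blocked again; and the warning UI only ever receives the redacted preview, so a secret is never copied into DOM text the host page's own scripts could read.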

Lane B · terminal · node-pty wrapper · per-line
  • input · keystrokes buffered in raw mode
  • scan · pty wrapper · scanned on Enter
  • gate · decision · clear · forward
  • clean → claude code · secret → blocked

on detect · a Ctrl+U is sent to clear Claude's input line, a warning naming the pattern is printed, and the line is dropped — the model never receives it.
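Lane B is a small state machine: keystrokes are forwarded live so the child TUI echoes and edits as normal, the wrapper keeps a shadow copy of the current line, and Enter is the only byte that is withheld until the line has been scanned. The block below is an added example of that gate, not VaultBix's CLI code. The `PtyLineGate` class, its method names, the choice to forward keystrokes live rather than hold them, and the assumption that the child's line editor treats Ctrl+U as kill-line are all mine; the scanner is injected, and the stand-in one knows only the AWS key-id shape that AWS documents. Note the practical boundary this design has: the secret does reach the child process's input buffer (it must, for the TUI to echo it); what is withheld is the submission, which is exactly the Ctrl+U-then-drop behaviour described above.

```javascript
// Added example in the spirit of VaultBix Lane B; not VaultBix's own code. Keystrokes are
// forwarded live so the child TUI stays responsive; a shadow buffer mirrors the current line;
// Enter is withheld until that line is scanned. The scanner is injected; the stand-in below
// knows one documented pattern. Class and method names are assumptions.

const ENTER = '\r';        // what a raw-mode terminal sends for Enter
const BACKSPACE = '\x7f';  // DEL, what most terminals send for Backspace
const CTRL_C = '\x03';
const CTRL_U = '\x15';     // kill-line; assumption: the child's line editor honours it (readline-style)
const ESC = '\x1b';

// Stand-in scanner: AWS access key id, 'AKIA' + 16 uppercase alphanumerics (format documented by AWS).
function simpleScan(line) {
  return [...line.matchAll(/\bAKIA[0-9A-Z]{16}\b/g)].map(m => ({ pattern: 'AWS Access Key', index: m.index }));
}

// End index of the escape sequence starting at s[i]: ESC [ params final (0x40-0x7e), ESC O x, or a lone ESC.
function seqEnd(s, i) {
  if (s[i + 1] === '[') {
    let j = i + 2;
    while (j < s.length && (s.charCodeAt(j) < 0x40 || s.charCodeAt(j) > 0x7e)) j++;
    return Math.min(j + 1, s.length);
  }
  if (s[i + 1] === 'O') return Math.min(i + 3, s.length);
  return i + 1;
}

class PtyLineGate {
  // ptyWrite: sink for bytes going to the child (pty.write in a real wrapper).
  constructor(ptyWrite, { scan = simpleScan, warn = () => {} } = {}) {
    this.ptyWrite = ptyWrite;
    this.scan = scan;
    this.warn = warn;
    this.shadow = '';   // our copy of the line the child is currently editing
    this.blocked = [];  // record of dropped lines, for the demo/test
  }

  // Feed one raw-mode stdin chunk. Returns exactly what was forwarded to the child.
  handleInput(chunk) {
    let out = '';
    for (let i = 0; i < chunk.length; i++) {
      const ch = chunk[i];
      if (ch === ESC) {
        // Arrow/Home/End sequences: forward intact, do not mirror. Caveat: cursor movement is
        // not tracked, so the shadow can drift from what is really on the line; a production
        // wrapper must either model the cursor or read the line back from the child's screen.
        const end = seqEnd(chunk, i);
        out += chunk.slice(i, end);
        i = end - 1;
        continue;
      }
      if (ch === ENTER || ch === '\n') {
        const hits = this.scan(this.shadow);
        if (hits.length === 0) {
          out += ch;                            // clean: let the submit through
        } else {
          out += CTRL_U;                        // secret: wipe the child's input line instead of submitting
          this.blocked.push({ line: this.shadow, hits });
          this.warn('blocked · ' + hits.map(h => h.pattern).join(', '));
        }
        this.shadow = '';
        continue;
      }
      if (ch === BACKSPACE) { this.shadow = this.shadow.slice(0, -1); out += ch; continue; }
      if (ch === CTRL_U || ch === CTRL_C) { this.shadow = ''; out += ch; continue; }
      this.shadow += ch;
      out += ch;
    }
    this.ptyWrite(out);
    return out;
  }
}

// Assumed wiring with node-pty (not executed here):
//   const child = pty.spawn('claude', [], { cols: process.stdout.columns, rows: process.stdout.rows });
//   const gate = new PtyLineGate(d => child.write(d), { warn: m => console.error('⚠ ' + m) });
//   process.stdin.setRawMode(true);
//   process.stdin.on('data', d => gate.handleInput(d.toString()));
//   child.onData(d => process.stdout.write(d));
```

The shadow buffer is the weak point of this approach, and the tests below deliberately show it: an arrow key passes through untouched but the shadow no longer matches the real line. A wrapper that wants a hard guarantee has to track the cursor or scan the child's rendered line instead of its own copy.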

Zero egress. No telemetry, no accounts, no remote detection service. The threat model assumes the network is hostile, so detection never leaves the device.

§03 / Build

The actual stack.

No abstraction layers to hide behind. Two shipped artifacts, one marketing site, every dependency accounted for.

Extension
  • Manifest V3
  • Content script + service worker
  • Regex + Shannon entropy
  • 45 detection patterns
  • Zero network permissions
CLI
  • Node.js 16+
  • TypeScript
  • node-pty — real PTY
  • Commander · Chalk
  • Published to npm
Web
  • Next.js · App Router
  • React 18 · TypeScript
  • Tailwind CSS · shadcn/ui
  • Geist Mono · Bebas Neue
  • Deployed on Vercel
§04 / Field notes

Why we built this.

~ origin.log

Pasted an AWS key into Claude once. Watched my stomach drop. Built VaultBix the next week.

01 — lesson

Distribution beats product.

We had something real. Getting it to people was the harder problem.

02 — lesson

Speed is your only edge.

At 18, competing against funded teams — the only advantage is moving faster.

03 — lesson

Don't incorporate until you have a customer.

Delaware C-Corp, Stripe Atlas, franchise taxes, dissolution fees — none of it builds anything. Get one paying user first.

04 — lesson

VCs find you. You don't find them.

Cold-outreaching investors is mostly wasted energy. Build something people want and the right people appear.

Wound it down in 2026. The code stays up. No regrets — this is exactly what building something real feels like the first time.