{"id":51156942,"url":"https://github.com/tanguc/bleep-ai","last_synced_at":"2026-06-26T11:01:27.455Z","repository":{"id":365556402,"uuid":"1272638093","full_name":"tanguc/bleep-ai","owner":"tanguc","description":"Bleep - intercepts LLM API traffic and substitutes secrets, keys, and PII with realistic look-alike fakes, then restores the originals in the response","archived":false,"fork":false,"pushed_at":"2026-06-17T20:44:04.000Z","size":772,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-17T22:22:52.466Z","etag":null,"topics":["anthropic","claude","data-privacy","dlp","llm","mitm-proxy","pii","privacy","redaction","rust","secrets-detection","security"],"latest_commit_sha":null,"homepage":null,"language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tanguc.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-06-17T19:59:50.000Z","updated_at":"2026-06-17T20:44:07.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/tanguc/bleep-ai","commit_stats":null,"previous_names":["tanguc/bleep-ai"],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/tanguc/bleep-ai","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tanguc%2Fbleep-ai","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tanguc%2Fbleep-ai/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tanguc%2Fbleep-ai/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tanguc%2Fbleep-ai/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tanguc","download_url":"https://codeload.github.com/tanguc/bleep-ai/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tanguc%2Fbleep-ai/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34813782,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-26T02:00:06.560Z","response_time":106,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["anthropic","claude","data-privacy","dlp","llm","mitm-proxy","pii","privacy","redaction","rust","secrets-detection","security"],"created_at":"2026-06-26T11:01:26.524Z","updated_at":"2026-06-26T11:01:27.450Z","avatar_url":"https://github.com/tanguc.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\n# Bleep\n\n\u003csub\u003e`Bl██p` — it redacts itself\u003c/sub\u003e\n\n\u003cbr\u003e\n\n**Intercepts LLM API traffic and substitutes secrets, keys, and PII with realistic look-alike fakes — then restores the originals in the response.**\n\n\u003cbr\u003e\n\n[![license](https://img.shields.io/badge/license-MIT-2FD4B3?style=flat-square\u0026labelColor=14161B)](./LICENSE)\n[![platform](https://img.shields.io/badge/macOS-Apple%20Silicon%20%7C%20Intel-14161B?style=flat-square\u0026logo=apple\u0026logoColor=white)](#install)\n[![built with rust](https://img.shields.io/badge/built%20with-Rust-14161B?style=flat-square\u0026logo=rust\u0026logoColor=E43717)](https://www.rust-lang.org)\n[![redaction](https://img.shields.io/badge/redaction-on%20by%20default-2FD4B3?style=flat-square\u0026labelColor=14161B)](#how-it-works)\n[![status](https://img.shields.io/badge/status-pre--1.0-F2A33C?style=flat-square\u0026labelColor=14161B)](#)\n\n\u003c/div\u003e\n\n---\n\nBleep sits between your machine and the model API. It detects sensitive values\nin outbound requests — API keys, tokens, emails, credit cards, connection\nstrings — and swaps each one for a fake that keeps the original's **shape**: an\n`AKIA…` key stays an `AKIA…` key, an email stays a valid-looking email. The model\nreasons about the structure just fine; the real value never leaves your machine.\nOn the way back, the fakes are restored to the originals before your terminal\nsees them.\n\n\"Transparent\" means **zero workflow change** — Bleep wraps the `claude` CLI and\nintercepts its TLS, so redaction is on by default with nothing to configure. It\nships as a small gateway binary plus an optional macOS menu-bar dashboard.\n\n\u003e **Scope today:** Bleep MITMs `*.anthropic.com` only. Everything else is\n\u003e CONNECT pass-through and is never inspected.\n\n---\n\n## See it in one exchange\n\nYou paste a stack trace into `claude` without thinking. Bleep rewrites it in\nflight — the **red** lines are what you typed (they never leave your machine);\nthe **green** lines are all `api.anthropic.com` ever receives:\n\n```diff\n- DB is down: postgres://admin:S3cr3tP%40ss@db.acme.internal/payments\n- AWS key AKIA4FROMTHEPROD7XYZ — ping jane.ops@acme-corp.com\n+ DB is down: postgres://admin:Xq7mK2pNvR%40te@db-71f3.internal/payments\n+ AWS key AKIA9TQ3RBWELMX2K8VD — ping lena.park@example.net\n```\n\nEvery substitution is **shape-for-shape**, so the model reasons about the\nstructure exactly as it would the real thing:\n\n| What you wrote | What the provider saw | Rule |\n| :-- | :-- | :-- |\n| `S3cr3tP%40ss` | `Xq7mK2pNvR%40te` | url-credential |\n| `db.acme.internal` | `db-71f3.internal` | hostname |\n| `AKIA4FROMTHEPROD7XYZ` | `AKIA9TQ3RBWELMX2K8VD` | aws-key |\n| `jane.ops@acme-corp.com` | `lena.park@example.net` | email |\n\n**Your terminal shows** \u0026nbsp;—\u0026nbsp; originals restored. The model's answer comes back\nabout *your* real database and key; the mapping is cached, so the same secret\nalways maps to the same fake and multi-turn conversations stay coherent. The\nprovider only ever saw the look-alikes.\n\n\u003e Nothing was configured. You just ran `claude`.\n\n---\n\n## How it works\n\n```mermaid\nsequenceDiagram\n    autonumber\n    participant C as claude\n    participant B as Bleep\n    participant P as api.anthropic.com\n    Note over C,B: your machine — nothing sensitive leaves here\n    C-\u003e\u003eB: prompt with real secrets\n    Note over B: scan and substitute\u003cbr/\u003ecache original to fake\n    B-\u003e\u003eP: request — look-alikes only\n    P--\u003e\u003eB: streamed response (about the fakes)\n    Note over B: reverse the mapping\n    B--\u003e\u003eC: originals restored\n```\n\n1. A local proxy terminates TLS for `*.anthropic.com` using a **per-machine CA**,\n   generated on first launch into `~/.bleep/ca/`. The private key never leaves\n   your machine and is never shipped — see [Security](#security).\n2. Outbound bodies are scanned against ~400 detection rules. Matches are replaced\n   with format-preserving fakes; the original→fake mapping is cached in a local\n   SQLite dictionary so a given secret always maps to the same fake.\n3. The sanitised request is forwarded upstream, and the streamed response is\n   de-anonymised back to the real values before your tool sees it.\n\n---\n\n## Install\n\nmacOS, Apple Silicon or Intel:\n\n```bash\ncurl -fsSL https://raw.githubusercontent.com/tanguc/bleep-ai/main/install.sh | bash\n```\n\nThis installs `bleep` (wraps `claude`), the `bleep-gateway` binary, `Bleep.app`,\nand `bclaude` (a bypass-mode alias that runs `claude` direct, no proxy).\n\n\u003e Piping a remote script to `bash` requires trust — [`install.sh`](./install.sh)\n\u003e is self-contained and macOS-only, read it first if you prefer.\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cb\u003eAuto-start on login · enable/disable · uninstall\u003c/b\u003e\u003c/summary\u003e\n\n\u003cbr\u003e\n\nStart the gateway automatically at login:\n\n```bash\ncurl -fsSL https://raw.githubusercontent.com/tanguc/bleep-ai/main/install.sh | bash -s -- --launch-agent\n```\n\nToggle redaction (also available in the menu-bar app's Settings):\n\n```bash\nbleep disable    # future claude sessions go direct to the provider\nbleep enable     # re-activate\nbleep status     # proxy + gateway health + CA path\n```\n\nUninstall:\n\n```bash\nbash \u003c(curl -fsSL https://raw.githubusercontent.com/tanguc/bleep-ai/main/install.sh) --uninstall\n```\n\nUser data is preserved on uninstall — the generated CA (`~/.bleep/ca/`), the fake\ndictionary (`~/.bleep/bleep-dictionary.db`), and `~/Library/Application Support/bleep`.\nDelete those manually for a full wipe.\n\n\u003c/details\u003e\n\n---\n\n## Security\n\nBleep is a TLS-intercepting proxy, so the **CA private key** is the most\nsensitive thing on the system — anything that trusts the CA can be impersonated.\n\n- The CA is **generated per machine** on first launch into `~/.bleep/ca/`\n  (directory `0700`, key `0600`). It is never baked into the binary, shipped in a\n  release, or committed to this repository.\n- Client trust is scoped through environment variables (`NODE_EXTRA_CA_CERTS`,\n  `BUN_CA_BUNDLE_PATH`, `SSL_CERT_FILE`) pointed at the generated cert — Bleep\n  does **not** touch the system keychain.\n- The proxy and stats server bind to `127.0.0.1` only.\n\nFound a vulnerability? See [`SECURITY.md`](./SECURITY.md) for private disclosure\n— please don't open a public issue for security reports.\n\n---\n\n## Build from source\n\n```bash\n# prerequisites: Rust (stable), Task — brew install go-task\ngit clone https://github.com/tanguc/bleep-ai \u0026\u0026 cd bleep-ai\ngit config core.hooksPath .githooks        # conventional-commit checks\n\ntask build           # release gateway binary\ntask run             # gateway on dev ports (no collision with an installed Bleep.app)\ntask test            # full test suite\ntask menu-bar        # build + run the menu-bar dashboard (dev)\ntask install-local   # build + install locally, exactly like the real installer\n```\n\nSee [`docs/OPERATIONS.md`](./docs/OPERATIONS.md) for implementation notes (CA,\nfake dictionary, literal-prefix preservation, MITM scope).\n\n---\n\n## Contributing\n\nContributions welcome — see [`CONTRIBUTING.md`](./CONTRIBUTING.md). In short:\n[Conventional Commits](https://www.conventionalcommits.org/) (enforced by\n`.githooks/commit-msg`), `cargo fmt` + `cargo clippy` clean, tests passing.\n\n| type | bump | example |\n| :-- | :-- | :-- |\n| `feat` | minor | `feat(menu-bar): add database reset buttons` |\n| `fix` | patch | `fix(gateway): evict hung connection on :9190` |\n| `perf` | patch | `perf(rules): compile regexes in parallel` |\n| `feat!` | major | `feat!: drop pre-v1 /redactions response shape` |\n| `chore` · `docs` · `refactor` · `test` · `ci` · `build` · `style` | none | |\n\n---\n\n## License\n\n[MIT](./LICENSE) © 2026 Sergen Tanguc.\n\nBleep bundles detection **pattern data** adapted from gitleaks (MIT),\nnosey-parker and detect-secrets (Apache-2.0), and secrets-patterns-db\n(**CC BY-SA 4.0** — the derived rule data carries the ShareAlike obligation). Full\nattribution in [`THIRD-PARTY-NOTICES.md`](./THIRD-PARTY-NOTICES.md).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftanguc%2Fbleep-ai","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftanguc%2Fbleep-ai","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftanguc%2Fbleep-ai/lists"}