https://github.com/sgasser/pasteguard

Privacy proxy for LLMs - masks PII and secrets before upstream or routes to local LLM. OpenAI API compatible.
https://github.com/sgasser/pasteguard

llm openai pii presidio privacy proxy

Last synced: 8 days ago
JSON representation

Privacy proxy for LLMs - masks PII and secrets before upstream or routes to local LLM. OpenAI API compatible.

• Host: GitHub
• URL: https://github.com/sgasser/pasteguard
• Owner: sgasser
• License: apache-2.0
• Created: 2026-01-08T10:13:56.000Z (about 1 month ago)
• Default Branch: main
• Last Pushed: 2026-01-19T09:35:02.000Z (29 days ago)
• Last Synced: 2026-01-19T16:42:41.973Z (28 days ago)
• Topics: llm, openai, pii, presidio, privacy, proxy
• Language: TypeScript
• Homepage: https://pasteguard.com
• Size: 5.07 MB
• Stars: 416
• Watchers: 1
• Forks: 14
• Open Issues: 1
• Metadata Files:
  • Readme: README.md
  • Contributing: CONTRIBUTING.md
  • License: LICENSE

Awesome Lists containing this project

• awesome-repositories - sgasser/pasteguard - AI gets the context. Not your secrets. Open-source privacy proxy for LLMs. (TypeScript)
• awesome-ChatGPT-repositories - pasteguard - ⭐ 461 / Privacy proxy for LLMs - masks PII and secrets before upstream or routes to local LLM. OpenAI API compatible. (NLP)

README

          


  

    

    

    

  





  

  

  





  AI gets the context. Not your secrets.


  Automatically hides names, emails, and API keys before you send prompts to AI.





  Quick Start ·

  Chat ·

  Coding Tools ·

  Documentation






  

  

  



  Detects 30+ types of sensitive data across 24 languages.


  Your data never leaves your machine.



## Works Everywhere

**[Chat](https://pasteguard.com/docs/use-cases/chat)** — Masks PII and secrets when you paste into ChatGPT, Claude, and Gemini. You see originals, AI sees placeholders.

**[Apps](https://pasteguard.com/docs/use-cases/apps)** — Open WebUI, LibreChat, or any self-hosted AI setup. Optionally routes sensitive requests to a local model.

**[Coding Tools](https://pasteguard.com/docs/use-cases/coding-tools)** — Cursor, Claude Code, Copilot, Windsurf — your codebase context flows to the provider. PasteGuard masks secrets and PII before they leave.

**[API Integration](https://pasteguard.com/docs/use-cases/api-integration)** — Sits between your code and OpenAI or Anthropic. Change one URL, your users' data stays protected.

## Quick Start

Run PasteGuard as a local proxy:

```bash

docker run --rm -p 3000:3000 ghcr.io/sgasser/pasteguard:en

```

Point your tools or app to PasteGuard instead of the provider:

| API | PasteGuard URL | Original URL |

|----------|----------------|--------------|

| OpenAI | `http://localhost:3000/openai/v1` | `https://api.openai.com/v1` |

| Anthropic | `http://localhost:3000/anthropic` | `https://api.anthropic.com` |

```python

# One line to protect your data

client = OpenAI(base_url="http://localhost:3000/openai/v1")

```

European Languages

For German, Spanish, French, Italian, Dutch, Polish, Portuguese, and Romanian:

```bash

docker run --rm -p 3000:3000 ghcr.io/sgasser/pasteguard:eu

```

For custom config, persistent logs, or other languages: **[Read the docs →](https://pasteguard.com/docs/installation)**

Route Mode

Route Mode sends requests containing sensitive data to a local LLM (Ollama, vLLM, llama.cpp). Everything else goes to OpenAI or Anthropic. Sensitive data stays on your network.

**[Route Mode docs →](https://pasteguard.com/docs/concepts/route-mode)**

## Chat

Open-source browser extension for ChatGPT, Claude, and Gemini.

- Paste customer data → masked before it reaches the AI

- AI responds with placeholders → you see the originals

- Works with the same detection engine as the proxy

Currently in beta. Apache 2.0.

**[Join the Beta →](https://tally.so/r/J9pNLr)** · **[Chat docs →](https://pasteguard.com/docs/use-cases/chat)**

## Coding Tools

Protect your codebase context and secrets when using AI coding assistants.

**Claude Code:**

```bash

ANTHROPIC_BASE_URL=http://localhost:3000/anthropic claude

```

**Cursor:** Settings → Models → Enable "Override OpenAI Base URL" → `http://localhost:3000/openai/v1`

**[Coding Tools docs →](https://pasteguard.com/docs/use-cases/coding-tools)**

## Dashboard

Every request is logged with masking details. See what was detected, what was masked, and what reached the provider.



[localhost:3000/dashboard](http://localhost:3000/dashboard)

## What it catches

**Personal data** — Names, emails, phone numbers, credit cards, IBANs, IP addresses, locations. Powered by [Microsoft Presidio](https://microsoft.github.io/presidio/). 24 languages.

**Secrets** — API keys (OpenAI, Anthropic, Stripe, AWS, GitHub), SSH and PEM private keys, JWT tokens, bearer tokens, passwords, connection strings.

Both detected and masked in real time, including streaming responses.

## Tech Stack

[Bun](https://bun.sh) · [Hono](https://hono.dev) · [Microsoft Presidio](https://microsoft.github.io/presidio/) · SQLite

## Contributing

See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines on how to contribute.

## License

[Apache 2.0](LICENSE)