Skip to content

Safety And Privacy

karurikwao edited this page Jul 5, 2026 · 1 revision

Safety And Privacy

ContextClean is designed for local-first use.

Local-First Behavior

The CLI does not need:

  • an API key
  • a hosted preprocessing service
  • a model provider
  • telemetry

Input is processed locally by the binary.

Secret Redaction

Secret-like values are redacted by default. The redaction pipeline covers common patterns such as:

  • API key assignments
  • bearer tokens
  • JWT-like values
  • private key blocks
  • credential URLs
  • sensitive URL query parameters
  • common provider token shapes

Redaction is defensive. It is not a complete security guarantee.

Sensitive Paths

Directory scans skip common sensitive paths by default, including examples such as:

  • .env
  • private key files
  • certificate files
  • credential directories
  • hidden credential files

Use --include-sensitive only when you explicitly need to include a sensitive file so it can pass through the redaction pipeline.

Ignore Rules

Repository scans respect:

  • .gitignore
  • .ctxcleanignore

Common generated and dependency directories are skipped by default:

  • .git
  • node_modules
  • target
  • dist
  • build
  • caches

Recommended Safety Workflow

  1. Run ctxclean report first on unfamiliar input.
  2. Inspect warnings and removed sections.
  3. Use --format json if you need structured evidence.
  4. Avoid --include-sensitive unless there is a clear reason.
  5. Avoid --no-redact-secrets for shared context.
  6. Inspect final context before sending it outside your machine.

What ContextClean Does Not Replace

ContextClean does not replace:

  • code review
  • secret scanning
  • legal review
  • security review
  • data classification policies

It is a local preprocessing layer, not a compliance system.

Clone this wiki locally