Local macOS utility that obfuscates sensitive data before it is pasted into AI chat interfaces.
It operates before paste, not after submission.
If sensitive data never enters the prompt, the incident does not exist.
Principiis obsta — resist the beginnings.
Pastewatch intervenes at the earliest irreversible boundary: the moment data leaves the user's control.
Once pasted into an AI system, data cannot be reliably recalled, audited, or constrained.
Pastewatch refuses that transition.
- Monitors clipboard content locally
- Detects high-confidence sensitive data
- Obfuscates detected values before paste
- Operates fully offline
- Shows minimal, explicit feedback when changes occur
Nothing more.
Pastewatch is not:
- a DLP system
- a compliance product
- a browser extension
- an LLM proxy
- a monitoring or logging tool
- an AI-powered classifier
- a policy engine
Pastewatch does not:
- block paste
- phone home
- store clipboard history
- guess or infer
- act when uncertain
False negatives are preferred over false positives.
Pastewatch modifies clipboard text locally before it is pasted.
It scans plain text for sensitive patterns and replaces them with non-sensitive placeholders.
Pastewatch does not hide clipboard contents from the operating system or applications, and it does not provide a way to restore original values after paste.
- Download the latest `.dmg` from Releases
- Open the DMG and drag `Pastewatch.app` to Applications
- Launch Pastewatch from Applications
- Grant notification permissions when prompted
```bash
git clone https://github.com/ppiankov/pastewatch.git
cd pastewatch
swift build -c release
./.build/release/pastewatch
```

Pastewatch detects only deterministic, high-confidence patterns:
| Type | Examples |
|---|---|
| Email | user@company.com |
| Phone | +60123456789, (555) 123-4567 |
| IP Address | 192.168.1.100 |
| AWS Keys | AKIAIOSFODNN7EXAMPLE |
| API Keys | sk_test_..., ghp_... |
| UUIDs | 550e8400-e29b-41d4-a716-446655440000 |
| JWT Tokens | eyJhbGciOiJIUzI1NiIs... |
| DB Connections | postgres://user:pass@host/db |
| SSH Keys | -----BEGIN RSA PRIVATE KEY----- |
| Credit Cards | 4111111111111111 (Luhn validated) |
No ML. No probabilistic scoring. No confidence levels.
If detection is ambiguous, Pastewatch does nothing.
Detected values are replaced with stable placeholders per paste:
```
john.doe@example.com → <EMAIL_1>
AKIAIOSFODNN7EXAMPLE → <AWS_KEY_1>
192.168.1.100 → <IP_1>
```
- Mapping exists only in memory
- Mapping is discarded immediately after paste
- No persistence
- No recovery mechanism
After paste, the system returns to rest.
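The detect-validate-replace flow described above, sketched in Python as an added example; this is not Pastewatch's Swift code. The regexes, the `obfuscate`, `is_confident` and `luhn_ok` names, and the reading of "stable" as "a repeated value gets the same placeholder within one paste" are assumptions made for illustration.

```python
import re

# Constructed, simplified patterns for illustration; Pastewatch's real rules may differ.
PATTERNS = [
    ("EMAIL", re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b")),
    ("AWS_KEY", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("IP", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
    ("CARD", re.compile(r"\b\d{13,19}\b")),
]

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def is_confident(kind: str, value: str) -> bool:
    """Extra validation so ambiguous matches are left untouched."""
    if kind == "IP":
        return all(int(octet) <= 255 for octet in value.split("."))
    if kind == "CARD":
        return luhn_ok(value)
    return True

def obfuscate(text: str):
    """Return (obfuscated_text, counts). The value-to-placeholder mapping is
    local to this call, so it is discarded as soon as the function returns."""
    mapping, counts = {}, {}

    def replace(kind):
        def inner(match):
            value = match.group(0)
            if not is_confident(kind, value):
                return value  # uncertain: do nothing
            if value not in mapping:
                counts[kind] = counts.get(kind, 0) + 1
                mapping[value] = f"<{kind}_{counts[kind]}>"
            return mapping[value]
        return inner

    for kind, pattern in PATTERNS:
        text = pattern.sub(replace(kind), text)
    return text, counts
```

The returned `counts` dictionary carries only type names and totals, which is all a notification of the kind described in this README needs; no original value leaves the function.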
- Default behavior is silent
- When obfuscation occurs, a minimal notification is shown:

```
Pastewatch: Obfuscated: Email (1), API Key (1)
```
No previews. No animations. No confirmations.
Silence is success.
Optional configuration file: `~/.config/pastewatch/config.json`

```json
{
  "enabled": true,
  "enabledTypes": ["Email", "Phone", "IP", "AWS Key", "API Key", "UUID", "DB Connection", "SSH Key", "JWT", "Card"],
  "showNotifications": true,
  "soundEnabled": false
}
```

All settings can also be changed via the menubar dropdown.
Pastewatch assumes:
- Users will paste sensitive data
- AI systems are not trusted with raw secrets
- Prevention is cheaper than remediation
Pastewatch does not attempt to secure downstream systems. It prevents entry entirely.
- Local-only operation
- Deterministic behavior
- Minimal UI surface
- No background analytics
- No user accounts
- No configuration required for safe defaults
If a feature increases complexity without reducing risk, it is rejected.
macOS 14+ on Apple Silicon (M1 and newer).
Intel-based Macs are not supported.
Pastewatch applies Principiis obsta at the clipboard boundary. It is part of a family of tools applying the same principle at different surfaces:
| Project | Boundary | Intervention Point |
|---|---|---|
| Chainwatch | AI agent execution | Before tool calls |
| Pastewatch | Data transmission | Before paste |
| VaultSpectre | Secrets lifecycle | Before exposure |
| Relay | Human connection | Before isolation compounds |
Same principle. Different surfaces. Consistent philosophy.
- docs/design-baseline.md — Core philosophy and design priorities
- docs/hard-constraints.md — Non-negotiable rules
- docs/status.md — Current scope and non-goals
MIT License.
Use it. Fork it. Modify it.
Do not pretend it guarantees compliance or safety.
MVP — Experimental prototype.
The core detection and obfuscation work. Edge cases exist. Feedback welcome.