Every Claude Code and agent session is logged to disk in plaintext. Pasted .env files, echoed connection strings, API keys in tool output — all of it, forever. LeakSweep finds and redacts them. 100% local.
$ leaksweep scan LeakSweep v0.1.0 — scanned 97 files (284.4 MB) in 1.6s ⛔ 3 unique secrets (6 occurrences across 2 files) [CRITICAL] AWS Access Key ID AKIA…2Z9B fp:7647d8ba18 ×2 ~/.claude/projects/-myapp/1fac54de….jsonl:38 (assistant, 2026-07-06) [HIGH] Database URL with password s3cr…w0rd fp:dc44e47564 ×2 ~/.claude/projects/-myapp/1fac54de….jsonl:39 (user, 2026-07-06) Rotate any real credentials above, then clean transcripts with: leaksweep redact
Agent transcripts are the fastest-growing pile of unaudited plaintext on dev machines — outside your secret manager, outside .gitignore.
Session sync and sharing features ship transcripts off your machine. A pasted key becomes a cloud leak.
SOC 2 and ISO 27001 require knowing where credentials live. "In my AI chat logs" is now an answer you need.
Zero dependencies. No API keys. Nothing leaves your machine. Masked previews only — LeakSweep never prints a secret. MIT licensed.
Fleet-wide scanning across every developer's machine, a single compliance dashboard, CI gates on session sharing, and auto-rotation hooks. Coming soon — tell us you want it.
One email. We'll reply with early access and a founding-team price.