Your AI coding agent saw your secrets.
Its transcripts remember them.

Every Claude Code and agent session is logged to disk in plaintext. Pasted .env files, echoed connection strings, API keys in tool output — all of it, forever. LeakSweep finds and redacts them. 100% local.

$ leaksweep scan
LeakSweep v0.1.0 — scanned 97 files (284.4 MB) in 1.6s

⛔ 3 unique secrets (6 occurrences across 2 files)

[CRITICAL] AWS Access Key ID  AKIA…2Z9B  fp:7647d8ba18 ×2
    ~/.claude/projects/-myapp/1fac54de….jsonl:38  (assistant, 2026-07-06)
[HIGH] Database URL with password  s3cr…w0rd  fp:dc44e47564 ×2
    ~/.claude/projects/-myapp/1fac54de….jsonl:39  (user, 2026-07-06)

Rotate any real credentials above, then clean transcripts with:  leaksweep redact

Why now

Plaintext, forever

Agent transcripts are the fastest-growing pile of unaudited plaintext on dev machines — outside your secret manager, outside .gitignore.

Local leaks go cloud

Session sync and sharing features ship transcripts off your machine. A pasted key becomes a cloud leak.

Auditors will ask

SOC 2 and ISO 27001 require knowing where credentials live. "In my AI chat logs" is now an answer you need.

Try it — free CLI

$ npm install -g leaksweep && leaksweep scan

Zero dependencies. No API keys. Nothing leaves your machine. Masked previews only — LeakSweep never prints a secret. MIT licensed.

LeakSweep for Teams

Fleet-wide scanning across every developer's machine, a single compliance dashboard, CI gates on session sharing, and auto-rotation hooks. Coming soon — tell us you want it.

One email. We'll reply with early access and a founding-team price.