Free Tool
Your AI reads your
secrets
CLAUDE.md and .cursorrules do not block file reads. They're suggestions. Your AI assistant can read every .env, every API key, every credential on your machine.
What devsafe diagnose finds
Real output from a real machine.
What this means
AI coding tools read files to help you write code. That includes .env files, config files, and anything else in your project directory.
CLAUDE.md rules and .cursorrules are instructions, not enforcement. The AI can still read the files. It just might choose not to mention them.
devsafe diagnose checks every tool you use across every path secrets can leak. devsafe shield blocks them for real.
Shield adds deny rules, .env.test files, and pre-commit hooks so your AI tools physically cannot read your secrets.
Free to run. Paid plans add real-time monitoring that alerts you when new exposures appear.
Shield blocks the read. Lockbox removes the file. Use both.
Import your .env into Lockbox and delete the original. Your secrets live in an encrypted binary vault that no text tool can parse.
Free forever. Your secrets stay on your machine in an encrypted binary vault. Run devsafe lockbox run -- npm start to inject them into any process.
Other free tools
devsafe scan
Find repos in cloud sync danger zones. Detects iCloud, Dropbox, and OneDrive corruption risks.
devsafe health
One score for every risk factor. Git config, hooks, remote status, and backup health.
devsafe mcp-scan
Audit your MCP configs for secrets. Finds API keys in Claude, Cursor, and VS Code configs.
devsafe lockbox
Encrypted secret vault. Import .env files, inject at runtime, share with time-limited grants.