The doctor's visit for
your AI tooling.
Run devsafe diagnose before anything else. It scans your project for secrets that AI coding tools can see, tells you exactly what's exposed, and recommends what to do about it. Free. No account needed.
Usage
$ devsafe diagnose
That's it. No flags, no configuration, no account. Just run it in any project directory and DevSafe will scan for AI-related secret exposure.
What it checks
devsafe diagnose inspects four exposure paths. These are the ways secrets end up visible to AI coding tools, often without the developer realizing it.
1. Environment files readable by AI context windows
AI tools read your project files to provide suggestions. If your .env file is in the project root (and not excluded from the tool's context), the AI can see every secret in it. API keys, database passwords, auth tokens. diagnose checks whether your .env files are accessible to each detected AI tool's context window.
2. MCP server configs with hardcoded tokens
MCP (Model Context Protocol) servers connect AI tools to external services. Many developers hardcode API tokens directly into MCP config files instead of using environment variable references. diagnose scans MCP configurations for plaintext secrets.
3. AI session logs that captured secrets
When an AI tool reads a secret during a session, that secret may persist in session logs, conversation history, or cache files on your machine. diagnose checks these log locations for leaked secret material.
4. Git-tracked secrets that AI tools can read
If a secret was committed to your git history (even if later removed from the working tree), AI tools that index your repository can still find it. diagnose checks for secrets in tracked files and warns about historical exposure.
Detected AI tools
diagnose automatically detects which AI coding tools are installed by looking for their configuration files and directories:
- Claude Code (
CLAUDE.md,.claude/) - Cursor (
.cursor/rules/,.cursorrc) - GitHub Copilot (
.github/copilot-instructions.md) - Windsurf
- Cline
- Continue.dev
If a tool isn't installed, it's skipped. If none are detected, diagnose tells you so and exits cleanly.
Example output
$ devsafe diagnose DevSafe AI Diagnosis scanning ~/Projects/api-server Detected AI tools: ✓ Claude Code .claude/, CLAUDE.md ✓ Cursor .cursor/rules/ ✓ GitHub Copilot .github/copilot-instructions.md Exposure path 1: .env files in AI context ⚠ EXPOSED .env readable by Claude Code context window ⚠ EXPOSED .env readable by Cursor context window found 4 secrets: STRIPE_SK, DATABASE_URL, RESEND_KEY, JWT_SECRET Exposure path 2: MCP configs with hardcoded tokens ⚠ EXPOSED .cursor/mcp.json contains 2 plaintext tokens ✓ clean .claude/mcp_servers.json uses env var references Exposure path 3: AI session logs ⚠ FOUND 3 secrets captured in Cursor session logs ~/.cursor/logs/2026-06-28-session.log Exposure path 4: Git-tracked secrets ✓ clean no secrets found in tracked files ──────────────────────────────────────── 4 exposures found across 3 paths Recommended next steps: 1. Run devsafe shield to block .env from AI context windows 2. Run devsafe lockbox import .env to encrypt secrets at rest 3. Run devsafe mcp-scan for a deeper MCP config audit 4. Delete session logs: ~/.cursor/logs/2026-06-28-session.log
What to do with the results
diagnose tells you what's wrong. The other DevSafe commands fix it.
- devsafe shield blocks AI tools from reading sensitive files. It adds the right ignore rules for each detected tool so your
.envfiles stay out of AI context windows. - devsafe lockbox import encrypts your secrets and stores them in a Lockbox. Instead of plaintext
.envfiles sitting in your project, your secrets live in an encrypted vault that AI tools cannot read. - devsafe mcp-scan does a deeper audit of your MCP server configurations. It checks for hardcoded tokens, overly broad permissions, and unsafe server connections.
Think of diagnose as the examination and these commands as the treatment. Run the diagnosis first, then address each finding.
devsafe diagnose is the recommended first command for any project. It takes seconds, costs nothing, and gives you a clear picture of your AI secret exposure before you make any changes. If you only run one DevSafe command, make it this one.
How it works
diagnose runs entirely on your machine. It does not send any data anywhere. Here is what happens when you run it:
- Scans the current directory for AI tool configuration files and directories
- Identifies
.envfiles and checks whether each detected AI tool can access them - Parses MCP configuration files (JSON) and looks for string values that match common secret patterns (API keys, tokens, passwords)
- Checks known session log locations for each detected tool
- Runs a pattern-based scan on git-tracked files for common secret formats
No network requests. No telemetry. No account required. The binary does everything locally.
Exit codes
0: no exposures found1: one or more exposures found2: error during scan (e.g., permission denied on a file)
This makes diagnose easy to use in CI pipelines or git hooks. A non-zero exit means something needs attention.