Sweep
Scans the local config directories of Claude, Cursor, Windsurf, Codex, and Antigravity for API keys, tokens, and credentials that ended up in file history, session logs, and paste caches. Redacts them in-place or deletes the files, with an encrypted vault so you can restore if needed.
What It Does
Every session an AI coding agent runs, it caches files, logs conversations, and stores paste buffers locally. Any of those files that contain API keys or credentials now have those secrets sitting in plaintext directories on your machine, outside your project, outside version control, outside any scanner that runs on your repo.
Sweep scans these directories using gitleaks and gives you three options:
Dry run. See what's exposed without changing anything.
Mask secrets in-place. Originals saved to encrypted vault.
Remove residue files entirely. Secrets saved to vault first.
Config files your tools need to function (settings.json, auth.json, .env) are never touched. Sweep only targets residue — file history, session logs, paste caches, and conversation dumps.
Why It Matters
One .env file read during a debugging session can end up copied across five different cache directories. None of them are git-tracked. Your repo scanner never touches them. Anyone with read access to your home directory can.
| Tool | Directory | Residue locations |
|---|---|---|
| Claude Code | ~/.claude | file-history, projects/**/**.jsonl, paste-cache, history.jsonl |
| Cursor | ~/.config/Cursor | logs, session data |
| Windsurf | ~/.codeium | logs, activity data |
| Codex | ~/.codex | sessions, vendor imports |
| Antigravity | ~/.antigravity | session data, caches |
Setup
Requirements
- gitleaks — the secret detection engine
- jq — JSON processing (used internally)
- openssl — vault encryption (ships with macOS and Linux)
- Python 3.8+ — Warden runtime
$ brew install gitleaks jqInstall Prismor
Sweep ships with the prismor CLI. Install it if you haven't already:
Option A — pip (recommended)
pip install prismorOption B — git clone + wizard
$ git clone https://github.com/PrismorSec/prismor.git ~/.prismor
$ bash ~/.prismor/scripts/init.sh .Usage
Scan (dry run)
See what's exposed without changing anything:
$ prismor sweep[sweep] Found claude config: ~/.claude
[sweep] Found codex config: ~/.codex
[sweep] Scanning ~/.claude...
[sweep] Scanning ~/.codex...
[sweep] Found 1200 secret(s): 1197 in residue, 3 in config files
* anthropic-api-key (18 occurrences)
~/.claude/file-history/abc123/config@v1:102
...and 16 more
* stripe-access-token (48 occurrences)
...
[sweep] 3 secret(s) in config files (skipped)
[sweep] Dry run - no files modified.Scan a specific directory
$ prismor sweep . # current directory
$ prismor sweep /path/to/project # any folder
$ prismor sweep ~/proj-a ~/proj-b # multiple foldersRedact secrets
Replace secrets in residue files with masked versions (e.g., sk-an****...), saving originals to an encrypted vault:
$ prismor sweep --redactYour vault passphrase is shown once.
On first run, you'll be asked to create a passphrase to encrypt the vault. This passphrase cannot be recovered. If you lose it, the vault is permanently locked. Store it in a password manager or encrypted note — not in a file inside these config directories.
Delete residue files
Removes the files entirely rather than masking them. Requires your vault passphrase — this prevents a rogue agent from quietly deleting evidence:
$ prismor sweep --cleanRestore from vault
$ prismor sweep --show-vault # inspect vault
$ prismor sweep --restore --all # restore everything
$ prismor sweep --restore --file ~/.claude/file-history/abc # restore one fileRedact without backup (purge mode)
If you've already rotated the leaked keys and don't need recovery:
$ prismor sweep --redact --purgeNo vault is created. No recovery is possible. Use this when the correct response to a leak is rotation, not restoration.
Parameters
| Flag | Description |
|---|---|
| (positional) | Directories to scan (default: AI tool config dirs) |
| --redact | Mask secrets and save originals to encrypted vault |
| --clean | Delete files containing secrets (passphrase required) |
| --restore | Restore secrets from vault |
| --show-vault | Display vault contents (passphrase required) |
| --purge | With --redact: skip vault, no recovery |
| --all | With --restore: restore all entries |
| --file PATH | With --restore: restore only this file |
Environment variables
| Variable | Description |
|---|---|
| PRISMOR_SWEEP_PASS | Vault passphrase for non-interactive / CI use |
| PRISMOR_HOME | Override Prismor home directory (default: ~/.prismor) |
Examples
Example 1: First-time audit of your machine
You've been using Claude Code and Cursor for months. You want to know what's leaked.
# Step 1: See the damage
$ prismor sweep
# Found 847 secret(s): 840 in residue, 7 in config files
# Step 2: Redact everything in residue
$ prismor sweep --redact
# Creates vault, masks 840 secrets. Config files untouched.
# Step 3: Verify
$ prismor sweep
# Found 7 secret(s): 0 in residue, 7 in config files
# Clean. Only intentional config secrets remain.Example 2: Scanning a project before sharing
You're about to share a project folder with a colleague or push to a public repo. Sweep it first:
# Scan and redact just this project
$ prismor sweep ./my-project --redact
# Or be aggressive - delete any file with leaked secrets
$ prismor sweep ./my-project --cleanThe Vault
All redacted secrets are stored in a single encrypted file:
- Encrypted with AES-256-CBC + PBKDF2 via OpenSSL
- Protected by a passphrase you choose on first run
- Accumulates entries across runs (one file, not many)
- Each entry records: file path, line, column, original secret, mask, detection rule, and timestamp
The passphrase is never stored anywhere. If you lose it, the vault cannot be decrypted. Store it in a password manager.