Open Source · Apache 2.0

Sweep

Scans the local config directories of Claude, Cursor, Windsurf, Codex, and Antigravity for API keys, tokens, and credentials that ended up in file history, session logs, and paste caches. Redacts them in-place or deletes the files, with an encrypted vault so you can restore if needed.

View on GitHub

What It Does

Every session an AI coding agent runs, it caches files, logs conversations, and stores paste buffers locally. Any of those files that contain API keys or credentials now have those secrets sitting in plaintext directories on your machine, outside your project, outside version control, outside any scanner that runs on your repo.

Sweep scans these directories using gitleaks and gives you three options:

Report

Dry run. See what's exposed without changing anything.

Redact

Mask secrets in-place. Originals saved to encrypted vault.

Delete

Remove residue files entirely. Secrets saved to vault first.

Config files your tools need to function (settings.json, auth.json, .env) are never touched. Sweep only targets residue — file history, session logs, paste caches, and conversation dumps.

Why It Matters

One .env file read during a debugging session can end up copied across five different cache directories. None of them are git-tracked. Your repo scanner never touches them. Anyone with read access to your home directory can.

ToolDirectoryResidue locations
Claude Code~/.claudefile-history, projects/**/**.jsonl, paste-cache, history.jsonl
Cursor~/.config/Cursorlogs, session data
Windsurf~/.codeiumlogs, activity data
Codex~/.codexsessions, vendor imports
Antigravity~/.antigravitysession data, caches

Setup

Requirements

  • gitleaks — the secret detection engine
  • jq — JSON processing (used internally)
  • openssl — vault encryption (ships with macOS and Linux)
  • Python 3.8+ — Warden runtime
Terminal
$ brew install gitleaks jq

Install Prismor

Sweep ships with the prismor CLI. Install it if you haven't already:

Option A — pip (recommended)

Terminal
pip install prismor

Option B — git clone + wizard

Terminal
$ git clone https://github.com/PrismorSec/prismor.git ~/.prismor
$ bash ~/.prismor/scripts/init.sh .

Usage

Scan (dry run)

See what's exposed without changing anything:

Terminal
$ prismor sweep
Output
[sweep] Found claude config: ~/.claude
[sweep] Found codex config: ~/.codex
[sweep] Scanning ~/.claude...
[sweep] Scanning ~/.codex...
[sweep] Found 1200 secret(s): 1197 in residue, 3 in config files

  * anthropic-api-key  (18 occurrences)
    ~/.claude/file-history/abc123/config@v1:102
    ...and 16 more
  * stripe-access-token  (48 occurrences)
    ...

[sweep] 3 secret(s) in config files (skipped)
[sweep] Dry run - no files modified.

Scan a specific directory

Terminal
$ prismor sweep .                        # current directory
$ prismor sweep /path/to/project          # any folder
$ prismor sweep ~/proj-a ~/proj-b         # multiple folders

Redact secrets

Replace secrets in residue files with masked versions (e.g., sk-an****...), saving originals to an encrypted vault:

Terminal
$ prismor sweep --redact

Your vault passphrase is shown once.

On first run, you'll be asked to create a passphrase to encrypt the vault. This passphrase cannot be recovered. If you lose it, the vault is permanently locked. Store it in a password manager or encrypted note — not in a file inside these config directories.

Delete residue files

Removes the files entirely rather than masking them. Requires your vault passphrase — this prevents a rogue agent from quietly deleting evidence:

Terminal
$ prismor sweep --clean

Restore from vault

Terminal
$ prismor sweep --show-vault                                  # inspect vault
$ prismor sweep --restore --all                               # restore everything
$ prismor sweep --restore --file ~/.claude/file-history/abc   # restore one file

Redact without backup (purge mode)

If you've already rotated the leaked keys and don't need recovery:

Terminal
$ prismor sweep --redact --purge

No vault is created. No recovery is possible. Use this when the correct response to a leak is rotation, not restoration.

Parameters

FlagDescription
(positional)Directories to scan (default: AI tool config dirs)
--redactMask secrets and save originals to encrypted vault
--cleanDelete files containing secrets (passphrase required)
--restoreRestore secrets from vault
--show-vaultDisplay vault contents (passphrase required)
--purgeWith --redact: skip vault, no recovery
--allWith --restore: restore all entries
--file PATHWith --restore: restore only this file

Environment variables

VariableDescription
PRISMOR_SWEEP_PASSVault passphrase for non-interactive / CI use
PRISMOR_HOMEOverride Prismor home directory (default: ~/.prismor)

Examples

Example 1: First-time audit of your machine

You've been using Claude Code and Cursor for months. You want to know what's leaked.

Terminal
# Step 1: See the damage
$ prismor sweep
# Found 847 secret(s): 840 in residue, 7 in config files

# Step 2: Redact everything in residue
$ prismor sweep --redact
# Creates vault, masks 840 secrets. Config files untouched.

# Step 3: Verify
$ prismor sweep
# Found 7 secret(s): 0 in residue, 7 in config files
# Clean. Only intentional config secrets remain.

Example 2: Scanning a project before sharing

You're about to share a project folder with a colleague or push to a public repo. Sweep it first:

Terminal
# Scan and redact just this project
$ prismor sweep ./my-project --redact

# Or be aggressive - delete any file with leaked secrets
$ prismor sweep ./my-project --clean

The Vault

All redacted secrets are stored in a single encrypted file:

~/.prismor/sweep.vault.enc
  • Encrypted with AES-256-CBC + PBKDF2 via OpenSSL
  • Protected by a passphrase you choose on first run
  • Accumulates entries across runs (one file, not many)
  • Each entry records: file path, line, column, original secret, mask, detection rule, and timestamp

The passphrase is never stored anywhere. If you lose it, the vault cannot be decrypted. Store it in a password manager.