Sieve: Local Secret Scanner for AI Coding Tool Chat Histories

✍️ OpenClawRadar | 📅 Published: May 19, 2026

Sieve is a macOS app that detects leaked secrets (API keys, tokens, passwords) in AI coding assistant chat histories. It targets a blind spot: standard git scanners miss these local transcript stores, whereas Sieve reads the SQLite databases and plaintext files where agents record their actions.

What it scans

  • Claude Code (~/.claude/)
  • Cursor (Application Support/Cursor/)
  • VS Code Copilot (Application Support/Code/)
  • VS Code Insiders (Application Support/Code - Insiders/)
  • Windsurf (Application Support/Windsurf/)
  • Codex (~/.codex/)
  • .env files in your project directories

Key features

  • 100% local scanning — no network requests, no telemetry, no account required.
  • Severity-based flagging of detected secrets.
  • Redaction directly in VS Code SQLite chat databases (.vscdb), with timestamped backups before changes.
  • Vault — new secret values stored in macOS Keychain, never exposed; copying requires Touch ID or login password.
  • MCP integration — a local MCP server for Claude Code to check for exposed secrets, query findings, and run commands with vault-injected credentials without revealing raw secret values.
  • Open source core (SieveCore).

Permissions model

Sieve uses macOS security-scoped bookmarks. On first launch, you grant read access to each tool's folder via a standard Open dialog. There are no further prompts after the initial grant.

Practical concern

AI coding tools routinely read .env files as part of normal operation. Every secret they touch gets embedded in their local transcript/state files: unencrypted, outside .gitignore, persisted indefinitely. Sieve fills the gap that gitleaks and detect-secrets leave.
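
To make that gap concrete, here is an added example (not code from Sieve or SieveCore) that scans a SQLite chat store for secrets an agent copied out of a .env file. The detection rules, the `ItemTable` layout and the sample values are constructed assumptions.

```python
import json, re, sqlite3, tempfile
from pathlib import Path

# Illustrative rules (assumptions, not Sieve's rule set): name, severity, regex.
RULES = [
    ("aws-access-key-id", "high", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    # .env-style assignment. The value class excludes "\" because transcripts
    # hold file contents JSON-escaped, so a line ends at a literal "\n".
    ("env-assignment", "medium", re.compile(
        r"\b\w*(?:SECRET|PASSWORD|TOKEN|API_KEY)\w*\s*=\s*([^\s'\"\\]{8,})", re.I)),
]

def mask(secret):
    # Keep a 4-character prefix for triage; never echo the whole value.
    return secret[:4] + "*" * (len(secret) - 4)

def scan_text(text, where):
    return [{"rule": name, "severity": sev, "where": where,
             "match": mask(m.group(m.lastindex or 0))}
            for name, sev, rx in RULES for m in rx.finditer(text)]

def scan_sqlite(path):
    """Scan every value of every table; the store is opened read-only."""
    con = sqlite3.connect(Path(path).resolve().as_uri() + "?mode=ro", uri=True)
    findings = []
    try:
        names = con.execute("SELECT name FROM sqlite_master WHERE type='table'")
        for (table,) in names.fetchall():
            rows = con.execute('SELECT * FROM "%s"' % table.replace('"', '""'))
            for n, row in enumerate(rows):
                for value in row:
                    if isinstance(value, bytes):  # chat state may be a BLOB
                        value = value.decode("utf-8", "replace")
                    if isinstance(value, str):
                        findings += scan_text(value, f"{table}[{n}]")
        return findings
    finally:
        con.close()

def demo():
    """Build a constructed .vscdb-like store (assumed layout) and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        db = Path(tmp) / "state.vscdb"
        con = sqlite3.connect(db, isolation_level=None)  # autocommit
        con.execute("CREATE TABLE ItemTable (key TEXT, value BLOB)")
        chat = {"text": "read .env:\nDB_PASSWORD=hunter2hunter2\nAWS_KEY=AKIAIOSFODNN7EXAMPLE\n"}
        row = ("chat.session", json.dumps(chat).encode())
        con.execute("INSERT INTO ItemTable VALUES (?, ?)", row)
        con.close()
        return scan_sqlite(db)
```

Calling `demo()` returns one high-severity and one medium-severity finding, each with a masked match and a `table[row]` location.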

Available on the Mac App Store for $9.99. Requires macOS 13.0 or later. Size: 4 MB.

📖 Read the full source: HN AI Agents
