Secure Agent

About

**What It Does**

Browser extension. Sits between you and AI chat tools. Scans every message before send. Finds sensitive data — emails, phones, cards, addresses, national IDs, secrets — pauses the send, shows what it found, hands you control. Allow once, allow chat, redact all, redact picked, or cancel.
Runs fully local. Nothing uploaded. No account, no telemetry, no backend. Prompts stay yours.

**Why**

You've probably already leaked something to a chat tool. A stack trace with a secret still in the env dump. A resume with your phone and address in the header. A query with a production DB string. A bug report with a customer email buried in it.
Felt harmless. Wasn't. Those messages become retained logs, training candidates, data points that surface later. Once data crosses the wire you can't pull it back. The risk moment is always right before Enter. After is too late.

**How**

Manifest V3 extension. Activates only on supported chat domains. No access to other tabs, history, or unrelated cookies.
On Send (Enter, click, submit) the interceptor catches the event in capture phase, reads the input, runs detection.
Clean message → passes instantly. No lag, no UI noise.

Hit → send blocked. Popup renders inside a closed Shadow DOM so host CSS can't touch it. Each match shows type, masked preview, checkbox:
  - Allow Once (1)
  - Allow Chat (2) — by URL or session
  - Redact All (3)
  - Redact Selected (4)
  - Cancel (Esc)

  Keyboard shortcuts throughout.

**What It Detects**

Six categories. Context-aware matching, checksum validation, low false positives.
  - Emails — standard addresses.
  - Phones — common international formats. Bare 10-digit numbers require a nearby context word (phone, call, mobile, contact) within 40 chars. "my number is 9876543210" fires; "order
  #9876543210" doesn't.
  - Addresses — street addresses with common suffixes, apartment/suite, PO boxes, US/Indian/UK/Canadian postal codes. Short numeric codes need address-adjacent context.
  - Card numbers — major networks, validated via Luhn. Random 16-digit numbers don't trigger.
  - National IDs — 12-digit government IDs, separated or bare. Bare form requires context words within 40 chars. Verhoeff checksum validation — same algorithm the issuing authority uses.
  - API keys / credentials — 50+ provider token formats plus generic credential patterns. The .env-paste case.

**Redaction**
Doesn't strip text blindly. Replaces with labeled placeholders:
  - [EMAIL REDACTED]
  - [PHONE REDACTED]
  - [ADDRESS REDACTED]
  - [CARD REDACTED]
  - [ID REDACTED]
  - [API_KEY REDACTED]

Structure preserved, payload gone. Partial masking mode available — keeps recognizable tail fragments (last 4 of a card, email domain, key prefix/suffix).

**Controls**

Options page, collapsible sections:

  - General — override mode (URL-permanent or session), redaction style, preview masking
  - Detection — per-category toggles
  - Custom Patterns — your own regex for internal IDs, codenames
  - Whitelist / URL Overrides — pre-approved chats
  - Stats — running counts per category

Master toggle in popup for instant on/off.

**Why Not Alternatives**

Manual review: friction too high, people quit in days.
Corporate DLP: mostly email and file uploads. Chat coverage usually a proxy that adds latency and breaks on UI changes.
Provider goodwill: retention policies shift. Data sent is data gone.
This is the smallest real defense: a local, zero-trust filter that blocks sensitive strings at the browser boundary, per message, with consent. No cloud. No account. No backend. No IT ticket.

**Who It's For**

  - Engineers debugging prod with live clipboards
  - Security researchers handling credentials daily
  - Recruiters and HR processing candidate data
  - Finance/ops pasting spreadsheets and invoices
  - Anyone drafting docs or emails with personal details
  - Users needing national ID protection with real checksum validation
  - Developers working with API keys across many providers
  - Compliance teams needing evidence data isn't leaking to third-party AI

**Install and Forget**

Invisible until it speaks up. No nagging, no keystroke popups, no slowdowns, no UI breakage, no extra permissions. Runs quiet, catches what matters, stays out of the way.
Best security tool is the one you don't think about. Install, configure once, let it catch the mistake you'd make six months from now at 2 a.m.
Your secrets stay secret. Your chat tools stay useful. Nothing else changes.