PasteGuard 🛡️

Prevent Accidental Secret Leaks to AI Chats

PasteGuard is a VS Code extension that intelligently detects secrets (API keys, passwords, tokens, credentials) before you paste them into AI chat tools like GitHub Copilot, preventing accidental exposure of sensitive information.

Created by: Praveen Raj Ragunathan | Developer & Security Innovation Specialist

🎯 The Problem

Developers frequently copy code containing secrets (API keys, passwords, database strings) and accidentally paste them into AI chat tools, creating security risks:

Credentials exposed in chat logs
Secrets inadvertently shared in screenshots
Compliance violations
Security audit failures

✨ The Solution

PasteGuard acts as a smart clipboard guard that:

🔍 Scans clipboard content in real-time before paste
⚡ Fast - <10ms scan time, scans all paste operations
🛡️ Blocks paste with modal dialog when secrets detected
📊 Audit Trail - Logs all detections for compliance

🚀 Quick Start

Option 1: Install from VS Code Marketplace (Recommended)

Open VS Code
Go to Extensions (Ctrl+Shift+X)
Search for "PasteGuard"
Click Install
Reload VS Code

Option 2: Install from VSIX File

Download pasteguard-1.0.0.vsix from Releases
Open VS Code
Extensions → ... menu → "Install from VSIX"
Select the .vsix file
Reload VS Code

Option 3: Clone & Build from Source (Developers)

# Clone repository
git clone https://github.com/Praveen-Raj-Ragunathan/PasteGuard.git
cd PasteGuard

# Install dependencies
npm install

# Compile TypeScript
npm run compile

# Test in development
Press F5 in VS Code

# Package as VSIX
npm run package

First Use

Copy any code with a secret (e.g., AKIAIOSFODNN7EXAMPLE)
Try pasting anywhere (Ctrl+V)
PasteGuard will block and show dialog ⚠️
Click "✅ Approve Paste" to proceed or close modal to cancel

🔍 What Gets Detected?

21 Secret Patterns + Entropy Analysis

Category	Secret Types	Example
Cloud (AWS)	Access Key, Secret Key	`AKIA...`, `wJal...`
Cloud (Azure)	Storage Account Key	`AccountKey=...==`
Cloud (Google)	API Key, OAuth Token	`AIza...`, `ya29...`
Version Control	GitHub Token (PAT, OAuth, App)	`ghp_...`, `gho_...`, `ghs_...`
AI Services	OpenAI API Key	`sk-proj-...`, `sk-...`
Communication	Slack Token	`xoxb-...`, `xoxp-...`
Payments	Stripe API Key	`sk_live_...`, `pk_live_...`
Authentication	Generic Password, Bearer Token, JWT, Basic Auth	`password="..."`, `Bearer eyJ...`
Databases	Connection Strings	`postgresql://...`, `mongodb://...`, `mysql://...`
Crypto	Private Keys (RSA, SSH, Generic)	`-----BEGIN PRIVATE KEY-----`
Unknown	High Entropy Strings	Random 32+ char strings with high randomness

97% Test Pass Rate - 33 of 34 test cases passing

⚙️ Configuration

Customize behavior via Settings (File → Preferences → Settings → Search "pasteguard"):

Setting	Default	Description
`pasteguard.enabled`	`true`	Master switch - enable/disable extension
`pasteguard.logViolations`	`true`	Log detected secrets for audit trail

Quick Settings Access

{
  "pasteguard.enabled": true,
  "pasteguard.logViolations": true
}

🛠️ Commands

Access via Command Palette (Ctrl+Shift+P):

Command	Keybinding	Description
PasteGuard: Smart Paste	`Ctrl+V`	Main paste with secret detection
PasteGuard: Scan Clipboard	-	Scan without pasting, show report
PasteGuard: Toggle Protection	-	Temporarily enable/disable
PasteGuard: Show Output	-	Open PasteGuard logs

🔒 Privacy & Security

✅ 100% Local - All scanning happens on your machine
✅ Zero Telemetry - No data ever leaves your computer
✅ No Network Calls - Completely offline operation
✅ Zero Runtime Dependencies - No external libraries
✅ Open Source - Full code transparency (MIT License)
✅ Audit Trail - All actions logged to Output channel

📊 Performance

⚡ Scan Time: 5-10ms per paste
⚡ Cache Hit: <1ms (repeated content)
💾 Memory: 5-minute cache expiry, 100 entry limit
🎯 Accuracy: 97% test pass rate

👨‍💻 Author

Praveen Raj Ragunathan

Developer & Security Innovation Specialist

🔗 GitHub: @Praveen-Raj-Ragunathan
📧 Email: Available via GitHub profile
🏢 Focus: Security Innovation, Developer Tools, Privacy-First Solutions

This extension was designed and developed from scratch as a practical security solution for the developer community.

🎖️ Project Highlights

✅ Original Concept & Implementation: Complete design and development
✅ Architecture: 21-pattern secret scanner with intelligent detection
✅ Performance: Optimized to <10ms scan time with smart caching
✅ Production Ready: 97% test coverage, zero dependencies, fully documented
✅ Security Focus: 100% local processing, no telemetry, audit trail

🤝 Contributing

We welcome contributions! Please see CONTRIBUTING.md for:

How to report bugs
Feature request process
Development guidelines
Pull request procedure

📞 Support

🐛 Found a bug? Open an issue
💡 Have a feature idea? Start a discussion
📚 Need help? Check the FAQ section

❓ FAQ

Q: Will PasteGuard slow down my editor?
A: No. Scans complete in <10ms, cached results in <1ms. You won't notice any performance impact.

Q: Does PasteGuard send my clipboard to the cloud?
A: Absolutely not. Everything happens locally on your machine. Zero telemetry, zero network calls.

Q: Can I disable PasteGuard for specific files?
A: Yes. Edit your settings to disable by file type or context, or use the "Safe Paste" command.

Q: What if I have a legitimate secret I need to paste?
A: Click "Approve Paste" in the modal dialog to proceed. You can also use "Safe Paste" command.

Q: Is this extension open source?
A: Yes! Licensed under MIT. See LICENSE for details.

Q: How often is this updated?
A: Check CHANGELOG.md for version history and updates.

🏗️ Architecture

┌─────────────────────────────────────────┐
│          User presses Ctrl+V            │
└──────────────────┬──────────────────────┘
                   ↓
┌─────────────────────────────────────────┐
│       Context Detector (5 layers)       │
│  ✓ Configuration check                  │
│  ✓ Active editor URI/scheme             │
│  ✓ Language ID detection                │
│  ✓ Terminal context                     │
│  ✓ Visible editors scan                 │
└──────────────────┬──────────────────────┘
                   ↓
            Is Risky Context?
                   │
        ┌──────────┴──────────┐
        NO                    YES
        │                      │
   Paste Directly         ┌───▼───┐
   (<1ms)                 │ Cache?│
                          └───┬───┘
                              │
                      ┌───────┴────────┐
                    MISS              HIT
                      │                │
              ┌───────▼──────┐    (<1ms)
              │   Scanner    │
              │ 21 Patterns  │
              │ + Entropy    │
              └───────┬──────┘
                      ↓
                 Secrets Found?
                      │
              ┌───────┴────────┐
             NO               YES
              │                 │
         Paste Directly    ┌───▼───────┐
                           │ UI Modal  │
                           │ 5 Options │
                           └───────────┘

� License

MIT License - see LICENSE

🙏 Acknowledgments

This extension was independently developed by Praveen Raj Ragunathan as a security solution for the developer community. Built with dedication to help prevent accidental secret leaks in modern development workflows.

Special thanks to all early testers who provided valuable feedback.

Guard Every Paste 🛡️

Protecting developers from accidental secret leaks since 2025

Created by Praveen Raj Ragunathan