This is a demo VS Code extension implementing the features described in your uploaded PDF:
Real-time scanning for sensitive patterns
Diagnostic + status-bar alerts
Generate .copilotignore
Install a Git pre-commit hook that blocks commits containing detected secrets
Sanitize (mask / tokenize) a file's content into a new temporary editor for safe pasting to AI tools
IMPORTANT: This is a proof-of-concept. Do not rely on it as a sole security control in production. Read the "Limitations & Security" section below.
What's included
TypeScript extension source (src/)
Node helper for the repo pre-commit hook, written into the workspace as .privacyweave/precommit-runner.js when you run the install command
.copilotignore template
Commands:
PrivacyWeave: Scan Workspace
PrivacyWeave: Generate .copilotignore
PrivacyWeave: Install Git pre-commit Hook
PrivacyWeave: Remove Git pre-commit Hook
PrivacyWeave: Sanitize Active File for AI
Quick start (step-by-step)
Prerequisites
Node.js (16+) and npm
Visual Studio Code
Install & run in Extension Development Host
Download and extract the ZIP attached with this message.
Open a terminal and cd into the extracted folder:
cd privacyweave-vscode-extension
Install dependencies:
npm install
Compile:
npm run compile
Open the folder in VS Code:
code .
Press F5 (Run Extension) to open a new Extension Development Host window with the extension loaded.
Use the extension
Open the Command Palette (Ctrl/Cmd+Shift+P) and search for "PrivacyWeave".
Run "PrivacyWeave: Scan Workspace" to scan files for sensitive content.
Run "PrivacyWeave: Sanitize Active File for AI" to open a temporary sanitized copy of the active file (the original file is not modified).
Run "PrivacyWeave: Generate .copilotignore" to create a .copilotignore in your workspace root.
Run "PrivacyWeave: Install Git pre-commit Hook" to install a pre-commit hook that will block commits with detected patterns (you will be asked to confirm).
Package the extension
Install vsce (npm i -g vsce) and run npm run package. Install the resulting .vsix from the Extensions view.
Limitations & Security notes
This is a demo/proof-of-concept. It is helpful as a developer tool but not a guarantee of data safety.
Tokenization mapping and any files created under .privacyweave/ are stored in the workspace directory and are not encrypted. Protect this folder appropriately.
The pre-commit hook relies on Node.js being available in the environment where git runs.
False positives/negatives are possible — tune the regex list in the extension settings.
Use in concert with established security controls (secret managers, CI secret scanners, code reviews).
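To make the tokenization and false-negative notes above concrete, here is an added sketch of mask-and-tokenize sanitizing with a reversible mapping. It is not the extension's own code. The pattern list, the <<PW_...>> token format, the sanitize/restore function names and the sample text are all assumptions constructed for illustration.

```javascript
// Constructed pattern list (assumption): the extension's own regexes are not on the page.
const PATTERNS = [
  { name: 'AWS_KEY', re: /\bAKIA[0-9A-Z]{16}\b/g },
  // Capture group 1 is the value only, so the key name stays readable.
  { name: 'SECRET', re: /\b(?:password|secret|api[_-]?key|token)\b\s*[:=]\s*["']([^"'\s]{8,})["']/gi },
];

// Hypothetical helper: swaps each detected secret for a stable token.
function sanitize(text, patterns = PATTERNS) {
  const tokenFor = new Map(); // secret -> token, so repeats map to one token
  const mapping = {};         // token -> secret: as sensitive as the secrets
  const counters = {};
  let sanitized = text;
  for (const { name, re } of patterns) {
    sanitized = sanitized.replace(re, (match, group) => {
      // Without a capture group the second argument is the numeric offset.
      const secret = typeof group === 'string' ? group : match;
      if (secret.startsWith('<<PW_')) return match; // already tokenized
      let token = tokenFor.get(secret);
      if (!token) {
        counters[name] = (counters[name] || 0) + 1;
        token = `<<PW_${name}_${counters[name]}>>`;
        tokenFor.set(secret, token);
        mapping[token] = secret;
      }
      // Swap only the secret (its last occurrence) inside the matched text.
      const i = match.lastIndexOf(secret);
      return match.slice(0, i) + token + match.slice(i + secret.length);
    });
  }
  return { sanitized, mapping };
}

// Reverses the substitution; anyone holding the mapping can do this.
function restore(sanitized, mapping) {
  return sanitized.replace(/<<PW_[A-Z_]+_\d+>>/g, (t) => (t in mapping ? mapping[t] : t));
}

// Constructed sample input (no real credentials).
const SAMPLE = [
  'aws_id = AKIAABCDEFGHIJKLMNOP',
  'api_key = "AKIAABCDEFGHIJKLMNOP"',
  'password: "correct-horse-battery"',
  'db_url = "postgres://app:hunter2@db.internal/app"', // missed: false negative
].join('\n');

const result = sanitize(SAMPLE);
console.log(result.sanitized);
```

The db_url line passes through unchanged because no pattern in this list covers credentials embedded in a URL, and restore() recovers every original value from the mapping alone.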
If you want, I can:
Add encrypted token storage (requires a secure local key)
Improve cross-platform pre-commit handling for Windows
Add an options UI panel (webview) to manage patterns
Enjoy — extract the ZIP and follow the Quick start above.