Chat Security Filter Extension for VS Code

🛡️ Automatically detect and filter sensitive information (credentials, infrastructure details, personal data) from AI chat messages before they're sent to language models. Protects your Azure, AWS, GCP resources, on-premise infrastructure, and secrets from accidental exposure.

🌟 Features

• Real-time Scanning: Automatically scans all chat messages for sensitive information

• Comprehensive Detection: Detects 80+ types of sensitive data including:

  Cloud Credentials:

  • AWS Access Keys, Secret Keys, Account IDs
  • Azure Storage Keys, Client Secrets, Tenant IDs, Subscription IDs
  • Google Cloud API Keys, OAuth tokens, Project IDs
  • GitHub/GitLab Personal Access Tokens
  • Generic API keys and Bearer tokens

  Azure Infrastructure:

  • App Service URLs (*.azurewebsites.net)
  • App Service Environments (ASE)
  • Service Bus namespaces (*.servicebus.windows.net)
  • Storage Accounts (*.blob/table/queue/file.core.windows.net)
  • Key Vault URLs (*.vault.azure.net)
  • Azure SQL Servers (*.database.windows.net)
  • Cosmos DB endpoints (*.documents.azure.com)
  • Function Apps, Event Hubs, Redis Cache
  • Container Registry (*.azurecr.io)
  • Resource IDs, Subscription IDs, Tenant IDs
  • Application Insights Instrumentation Keys

  AWS Infrastructure (16 patterns):

  • S3 Buckets, ARN (Amazon Resource Names)
  • EC2 Instances, Lambda Functions, RDS Databases
  • DynamoDB, ECS, EKS Clusters
  • CloudFront, Elastic Beanstalk, API Gateway
  • ElastiCache, SNS, SQS, Kinesis
  • ECR Repositories, Account IDs

  GCP Infrastructure (13 patterns):

  • Project IDs, Service Accounts
  • Cloud Storage, Cloud Run, Cloud Functions
  • App Engine, Compute Engine, BigQuery
  • Cloud SQL, Firestore/Firebase
  • Pub/Sub, GKE Clusters, Artifact Registry

  IBM Cloud Infrastructure (9 patterns):

  • Cloud Resource Names (CRN)
  • Cloud Foundry Apps, Object Storage
  • Kubernetes Service, Cloud Functions
  • Databases, Event Streams (Kafka)
  • Watson Services, Account IDs

  Alibaba Cloud Infrastructure (10 patterns):

  • OSS Buckets, ECS Instances, RDS
  • Server Load Balancer, Function Compute
  • API Gateway, Container Registry
  • ACK Clusters, Account IDs, RAM Roles

  On-Premise Infrastructure:

  • UNC paths (\\server\share)
  • SQL Server connection strings
  • Internal URLs with ports
  • LDAP connection strings
  • Windows domain names
  • Private IP addresses (10.x, 172.x, 192.168.x)

  Container & Kubernetes:

  • Docker Registry URLs (GCR, ECR, ACR)
  • Kubernetes cluster endpoints

  Database Connections:

  • MongoDB, PostgreSQL, MySQL connection strings with credentials

  Security Artifacts:

  • Private keys (RSA, SSH, OpenSSH)
  • JWT tokens
  • Slack tokens

  Network Infrastructure:

  • IPv4 addresses
  • Internal domains (.local, .internal, .corp)

  Personal Data:

  • Email addresses and phone numbers
  • Credit card numbers

  Code Secrets:

  • Passwords in code
  • High-entropy strings (unknown tokens)

• Flexible Actions:

  • Auto-redact sensitive data with masking
  • Block messages entirely (configurable)
  • Preview filtered messages before sending

• User Controls:

  • /scan command: Scan text without AI processing
  • /configure command: Quick access to settings
  • Toggle filter on/off
  • Adjustable detection sensitivity (low/medium/high)

🚀 Quick Start

Prerequisites

• VS Code version 1.85.0 or higher
• Node.js 18.x or higher
• npm or yarn

Installation for Development/Testing

1. Clone or create the project:

   cd c:\workspace\idea--vscode
   

2. Install dependencies:

   npm install
   

3. Compile the TypeScript code:

   npm run compile
   

4. Open in VS Code:

   code .
   

5. Press F5 to launch Extension Development Host

   • This opens a new VS Code window with your extension loaded
   • The original window is for development
   • The new window is for testing

🧪 Testing Your Extension

Method 1: Using Chat Participant (Recommended)

1. In the Extension Development Host window, open the Chat view (Ctrl+Alt+I or Cmd+Alt+I on Mac)

2. Type @secure to invoke your security filter participant

3. Try these example prompts:

   @secure Check this code: My AWS key is AKIAIOSFODNN7EXAMPLE
   

   @secure /scan postgresql://user:password123@localhost:5432/mydb
   

   @secure /configure
   

Method 2: Testing Scan Command

Try scanning various text samples:

@secure /scan Here's my connection: mongodb://admin:secretPass@192.168.1.100:27017/production

Expected output: Detection of MongoDB credentials and IP address

Method 3: Testing Configuration

@secure /configure

This shows current settings and allows you to adjust sensitivity.

📋 Example Test Cases

Test Case 1: AWS Credentials

Input:

@secure I need help with this AWS config:
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

Expected: Both credentials detected and redacted

Test Case 2: GitHub Token

Input:

@secure Clone the repo using: git clone https://ghp_abcdef1234567890ABCDEFGHIJKLMNOPQR@github.com/myrepo.git

Expected: GitHub token detected and masked

Test Case 3: Database Connection

Input:

@secure Connect to: mysql://dbuser:superSecretPass@prod-db.company.internal:3306/app

Expected: MySQL credentials, password, and internal domain detected

Test Case 4: API Key in Code

Input:

@secure 
const config = {
  apiKey: "sk_test_EXAMPLE1234567890abcdefghijklmnop",
  apiSecret: "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.EXAMPLE_PAYLOAD.EXAMPLE_SIGNATURE"
}

Expected: API key and JWT token detected

⚙️ Configuration

Access settings via:

• Command: @secure /configure
• Or: File → Preferences → Settings → Search "Chat Security Filter"

Available Settings

Example: Change Detection Level

1. Open Settings (Ctrl+,)
2. Search for "chatSecurityFilter.detectionLevel"
3. Select "high" for maximum security (more false positives)
4. Select "low" for fewer warnings (may miss some secrets)

🔧 Development Commands

# Compile TypeScript
npm run compile

# Watch mode (auto-compile on changes)
npm run watch

# Run tests
npm test

# Lint code
npm run lint

🐛 Debugging

1. Set breakpoints in src/extension.ts or src/securityFilter.ts
2. Press F5 to start debugging
3. Use Debug Console in the development window to see logs
4. Check Output → "Extension Host" for extension logs

Common Issues

Issue: Extension doesn't activate

• Solution: Check package.json activation events, ensure VS Code version ≥ 1.85.0

Issue: Chat participant not showing

• Solution: Verify contributes.chatParticipants in package.json, restart Extension Development Host

Issue: TypeScript errors

• Solution: Run npm install again, check tsconfig.json

📦 Building for Distribution

1. Install vsce (VS Code Extension Manager):

   npm install -g @vscode/vsce
   

2. Package the extension:

   vsce package
   

3. This creates a .vsix file you can:

   • Install locally: code --install-extension chat-security-filter-0.1.0.vsix
   • Share with others
   • Publish to the marketplace

🚀 Publishing to Marketplace

1. Create a publisher account: https://marketplace.visualstudio.com/manage

2. Get a Personal Access Token from Azure DevOps

3. Login with vsce:

   vsce login your-publisher-name
   

4. Publish:

   vsce publish
   

🔐 Security Considerations

• Local Processing: All scanning happens locally, no data sent to external services
• Pattern Updates: Regularly update detection patterns for new threat types
• False Positives: High detection levels may flag legitimate data
• Not 100% Foolproof: Should be part of a layered security approach

🛠️ Customization

Adding New Detection Patterns

Edit src/detectionPatterns.ts:

{
  name: 'My Custom Token',
  pattern: /my_token_[A-Za-z0-9]{32}/gi,
  description: 'Custom token format detected',
  severity: 'high',
  category: 'credential'
}

Changing Redaction Style

Edit src/securityFilter.ts, modify maskString() method for custom masking.

📊 Detection Statistics

The extension tracks:

• Number of scans performed
• Types of credentials detected
• False positive feedback (planned)

View in Debug Console during development.

🤝 Contributing

1. Fork the repository
2. Create a feature branch
3. Add tests for new patterns
4. Submit a pull request

📄 License

MIT License - See LICENSE file for details

🔗 Resources

• VS Code Extension API
• Chat Participant API Guide
• TypeScript Handbook

📞 Support

• Report issues on GitHub
• Questions: Use GitHub Discussions
• Security concerns: Email security@yourcompany.com

Note: This is a development version. Test thoroughly before using in production environments.

Next Steps

1. ✅ Install dependencies: npm install
2. ✅ Compile: npm run compile
3. ✅ Press F5 to test
4. ✅ Try: @secure /scan <your sensitive text>
5. 🚀 Enjoy secure AI chats!