Cloakd
Anonymize sensitive data before it reaches language models.
What Cloakd Does
Cloakd is a VS Code extension that helps you use AI tools without exposing raw secrets.
It replaces sensitive values (for example API keys, hostnames, IPs, emails, paths, tokens) with anonymized placeholders before data reaches the model.
Example:
- Original: Deploy to 10.4.1.25 with key sk_live_ABC123
- Sent to model: Deploy to IP_1 with key API_KEY_1
This keeps model-visible text safer while preserving enough context for useful AI help.
How It Works
Cloakd follows a strict boundary:
- Anonymize before model access.
- De-anonymize only inside trusted local tool execution paths.
- Re-anonymize tool outputs before returning text to model-visible flows.
In practice, you keep working normally while Cloakd handles token mapping and privacy controls in the background.
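The three boundary steps above can be sketched as follows. This is an added example, not Cloakd's source code: the rule objects reuse the field names from the rulesheet example in the Quick Start, while `TokenMap`, `runLocalTool` and the API-key pattern are assumptions made for the sketch.

```javascript
// Added example: a minimal token-mapping anonymizer (not Cloakd's implementation).
// The API-key pattern below is an assumption; the IP rule is the README's example rule.
const rules = [
  { id: "rule-1", type: "ip", pattern: "\\b(?:\\d{1,3}\\.){3}\\d{1,3}\\b", replacement: "IP", enabled: true },
  { id: "rule-2", type: "apiKey", pattern: "\\bsk_live_[A-Za-z0-9]+\\b", replacement: "API_KEY", enabled: true },
];

class TokenMap {
  constructor() {
    this.toToken = new Map();  // real value -> placeholder
    this.toValue = new Map();  // placeholder -> real value
    this.counters = new Map(); // replacement prefix -> last index used
  }
  tokenFor(value, prefix) {
    if (this.toToken.has(value)) return this.toToken.get(value); // same value, same token
    const n = (this.counters.get(prefix) || 0) + 1;
    this.counters.set(prefix, n);
    const token = `${prefix}_${n}`;
    this.toToken.set(value, token);
    this.toValue.set(token, value);
    return token;
  }
}

// Step 1: anonymize before model access.
function anonymize(text, map) {
  for (const rule of rules.filter((r) => r.enabled)) {
    text = text.replace(new RegExp(rule.pattern, "g"), (m) => map.tokenFor(m, rule.replacement));
  }
  return text;
}

// Step 2: de-anonymize, used only inside the local tool path.
function deanonymize(text, map) {
  // Longest tokens first so IP_10 is not rewritten as IP_1 followed by "0".
  const tokens = [...map.toValue.keys()].sort((a, b) => b.length - a.length);
  for (const t of tokens) text = text.split(t).join(map.toValue.get(t));
  return text;
}

// Step 3: real values exist only inside this function; output is re-anonymized.
function runLocalTool(modelCommand, map, tool) {
  const realOutput = tool(deanonymize(modelCommand, map));
  return anonymize(realOutput, map);
}
```

Values that first appear in tool output (a second IP address, for example) receive fresh tokens from the same map, so the model never sees them in the clear.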
Newest Features
Cloakd can now expose wrapped aliases for non-native tools.
- Alias pattern: cloakd_wrap_<toolName>
- Default policy: tokenOnly (safe default)
- Optional policies: selective or trusted de-anonymization
The main UI now includes a dedicated section for wrapped-tool trust configuration.
- Enable or disable dynamic wrapping
- Select mode (strict, balanced, trustedLocal)
- Edit optional JSON overrides
3) Cleaner UI structure
The main UI is split into separate submenus to reduce clutter:
- Rule Addition
- Wrapped Tool Trust Policy
4) Safer settings persistence
Dynamic wrapping settings are now written using supported configuration scope behavior, reducing settings-write errors in multi-folder contexts.
Quick Start for Beginners
Step 1: Install and open Cloakd
- Install the extension.
- Run Cloakd: Open Main UI.
Step 2: Create your first rulesheet
- Run Cloakd: Create Rulesheet.
- Choose your workspace folder.
- Create a .cloakd/<name>.cloakd.json rulesheet.
Step 3: Add a simple rule
Use Rule Addition in the main UI, or highlight text and run Cloakd: Quick Add Rule.
Example rule:
{
  "id": "rule-1",
  "type": "ip",
  "pattern": "\\b(?:\\d{1,3}\\.){3}\\d{1,3}\\b",
  "replacement": "IP",
  "enabled": true
}
Step 4: Use Cloakd in chat
In VS Code Chat, explicitly use @Cloakd.
Important: Cloakd protection is designed for the @Cloakd participant flow.
Daily Workflows
Workflow A: Ask AI about logs safely
- Paste log snippets in @Cloakd chat.
- Cloakd anonymizes matching sensitive values.
- The model responds using tokenized placeholders.
Workflow B: Scan files and generate rules
- Run Cloakd: Scan Current File for Secrets or Cloakd: Scan File for Secrets.
- Review detected items in UI.
- Save selected rules.
With @Cloakd, the model can use:
cloakd_execute_command
cloakd_scp_transfer
cloakd_filesystem
These tools preserve Cloakd privacy boundaries during invocation and result handling.
Use this only when you need non-native or third-party tools in the loop.
Modes
strict: safest default behavior
balanced: still conservative, tuned for practicality
trustedLocal: allows more de-anonymization flexibility for trusted local use
Recommended rollout
- Start with enabled = false.
- Enable dynamic wrapping only when needed.
- Keep mode as strict first.
- Add per-tool overrides only after validating behavior.
Optional policy override example
Policy Overrides JSON is the advanced control surface for wrapped tools.
What it does:
- Defines a default trust policy for all wrapped tools via defaultPolicy.
- Applies targeted exceptions for specific tools via perTool.
- Controls de-anonymization behavior (tokenOnly, selectiveDeanonymize, trusted).
- Restricts selective de-anonymization to explicit input paths.
- Enforces input/output size limits to reduce risk and noisy output.
What it achieves for developers:
- Lets custom tools work without weakening privacy for every tool.
- Supports principle-of-least-privilege for tool input exposure.
- Makes trust behavior explicit, reviewable, and team-shareable in workspace settings.
How to use it safely:
- Keep defaultPolicy conservative (tokenOnly, allowExternal: false).
- Add per-tool overrides only for tools that fail under strict policy.
- Prefer selectiveDeanonymize with narrow allowedInputPaths.
- Use trusted only for fully trusted local workflows.
{
  "defaultPolicy": {
    "mode": "tokenOnly",
    "allowExternal": false,
    "maxInputSize": 100000,
    "maxOutputSize": 150000
  },
  "perTool": {
    "exampleTrustedTool": {
      "mode": "selectiveDeanonymize",
      "allowExternal": true,
      "allowedInputPaths": ["credentials.password"]
    }
  }
}
Field reference:
- mode:
  - tokenOnly: never de-anonymize tool input fields.
  - selectiveDeanonymize: only de-anonymize fields listed in allowedInputPaths.
  - trusted: de-anonymize all string fields in tool input.
- allowedInputPaths: dot-style field paths for selective mode (example: credentials.password).
- allowExternal: permits non-Cloakd external tool execution where policy checks apply.
- maxInputSize: maximum serialized tool input size allowed.
- maxOutputSize: maximum returned output size before truncation/sanitization limits apply.
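How the three modes and allowedInputPaths could act on a tool's input, as an added example that is not Cloakd's source code. The policy field names come from the override example above; `resolvePolicy`, `applyPolicy`, the token table, the field-by-field merge of perTool over defaultPolicy, and the handling of arrays are assumptions of this sketch.

```javascript
// Added example: applying a wrapped-tool policy to tool input (not Cloakd's implementation).
const policies = {
  defaultPolicy: { mode: "tokenOnly", allowExternal: false, maxInputSize: 100000, maxOutputSize: 150000 },
  perTool: {
    exampleTrustedTool: { mode: "selectiveDeanonymize", allowExternal: true, allowedInputPaths: ["credentials.password"] },
  },
};

// Constructed token table: placeholder -> real value.
const tokens = new Map([["PASSWORD_1", "hunter2-constructed"], ["HOST_1", "db01.internal.example"]]);

function resolvePolicy(toolName) {
  // Assumption: per-tool entries override the default field by field.
  return { ...policies.defaultPolicy, ...(policies.perTool[toolName] || {}) };
}

function reveal(value) {
  let out = value;
  for (const [token, real] of tokens) out = out.split(token).join(real);
  return out;
}

// Walk the input, tracking the dot-style path of each string field.
// Assumption: array elements share the path of the array itself.
function walk(node, path, shouldReveal) {
  if (typeof node === "string") return shouldReveal(path) ? reveal(node) : node;
  if (Array.isArray(node)) return node.map((v) => walk(v, path, shouldReveal));
  if (node && typeof node === "object") {
    return Object.fromEntries(
      Object.entries(node).map(([k, v]) => [k, walk(v, path ? `${path}.${k}` : k, shouldReveal)])
    );
  }
  return node;
}

function applyPolicy(toolName, input) {
  const policy = resolvePolicy(toolName);
  if (JSON.stringify(input).length > policy.maxInputSize) throw new Error("input exceeds maxInputSize");
  if (policy.mode === "trusted") return walk(input, "", () => true);
  if (policy.mode === "selectiveDeanonymize") {
    const allowed = new Set(policy.allowedInputPaths || []);
    return walk(input, "", (p) => allowed.has(p));
  }
  return input; // tokenOnly or an unknown mode: fail closed, tokens stay in place
}
```

With the override shown above, only credentials.password is revealed to exampleTrustedTool; every other field, and every other tool, still receives tokens.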
Commands and Shortcuts
Core commands
cloakd.activate - Create Rulesheet
cloakd.openUI - Open Main UI
cloakd.openRuleEditor - Open Rule Editor
cloakd.switchRulesheet - Switch Active Rulesheet
cloakd.showMappings - Show Token Mappings
cloakd.clearMappings - Clear Token Mappings
cloakd.anonymize - Anonymize Selection
cloakd.quickAddRule - Quick Add Rule
Scanner commands
cloakd.scanCurrentFile - Scan Current File for Secrets
cloakd.scanSecrets - Scan File for Secrets
cloakd.scanIacFile - Scan IaC File for Patterns
Default shortcuts
Ctrl+Shift+A - Quick Add Rule
Ctrl+Alt+S - Scan Current File for Secrets
Ctrl+Alt+Shift+S - Scan File for Secrets
Configuration
| Setting | Default | Description |
| --- | --- | --- |
| cloakd.agent.maxToolRounds | 10 | Maximum LM tool-call rounds in a chat loop |
| cloakd.agent.executionMode | captured | Tool execution mode: captured or terminal |
| cloakd.agent.toolScope | cloakdOnly | Expose only Cloakd tools or all tools |
| cloakd.agent.dynamicToolWrapping.enabled | false | Enable wrapped aliases for non-Cloakd tools |
| cloakd.agent.dynamicToolWrapping.mode | strict | Baseline wrapped-tool trust mode |
| cloakd.agent.dynamicToolWrapping.policies | {} | Optional default and per-tool policy overrides |
| cloakd.mappings.autoClearOnSessionStart | true | Clear token mappings when a new session starts |
| cloakd.mappings.autoClearOnRulesheetSwitch | true | Deprecated compatibility setting; switch clears mappings by policy |
| cloakd.logging.level | warn | Logging verbosity: error, warn, info, debug |
Limitations
- Cloakd privacy guarantees are centered on @Cloakd chat participant flows.
- If you expose all tools and over-trust unknown tools, risk increases.
- Pattern quality affects anonymization quality. Poor regex patterns can over-match or miss values.
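The point about pattern quality can be checked before a rule is saved by running the pattern against samples that must and must not match. The following is an added example, not part of Cloakd: the loose pattern is the one from the example rule in the Quick Start, while the tightened pattern, the sample lines and `evaluatePattern` are constructed for this sketch.

```javascript
// Added example: checking a rule pattern for over-matches and misses (not Cloakd's code).
const loosePattern = "\\b(?:\\d{1,3}\\.){3}\\d{1,3}\\b"; // from the README's example rule

// Assumed tightening: each octet limited to 0-255, and no digit or dot on either side,
// so longer dotted runs such as version strings are rejected.
const octet = "(?:25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)";
const tightPattern = `(?<![\\d.])(?:${octet}\\.){3}${octet}(?![\\d.])`;

// Constructed samples: `expect` lists the values a correct IP rule should tokenize.
const samples = [
  { text: "connect to 10.4.1.25 failed", expect: ["10.4.1.25"] },
  { text: "built with toolkit 1.2.3.4.5", expect: [] },   // five-part version string
  { text: "bad address 999.300.1.1", expect: [] },         // octets out of range
  { text: "peers 192.168.0.1,172.16.5.9", expect: ["192.168.0.1", "172.16.5.9"] },
];

function evaluatePattern(pattern) {
  const report = { overMatches: [], misses: [] };
  for (const { text, expect } of samples) {
    const found = text.match(new RegExp(pattern, "g")) || [];
    for (const f of found) if (!expect.includes(f)) report.overMatches.push(f);
    for (const e of expect) if (!found.includes(e)) report.misses.push(e);
  }
  return report;
}

// Run stand-alone to compare both patterns on the constructed samples.
console.log("loose:", evaluatePattern(loosePattern));
console.log("tight:", evaluatePattern(tightPattern));
```

An over-match costs the model context it could have used; a miss sends a real value to the model, so the misses list is the one to keep empty first.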
Troubleshooting
Main UI looks outdated
Run the webview build and reload the VS Code window:
- npm run webview:build
- Reload window
Wrapped trust policy settings do not save
- Ensure extension is updated.
- Save from the Wrapped Tool Trust Policy submenu in main UI.
- If needed, reload VS Code so updated contributed settings metadata is picked up.
Model still sees real values
- Confirm your prompt is sent with @Cloakd.
- Verify rules are enabled.
- Test with a known sample value that should match.
License
MIT.
Support
Open a GitHub issue in the project repository with:
- VS Code version
- Cloakd version
- Minimal reproduction steps
- Redacted logs/screenshots