It scans code, configs, and (optionally) logs, replaces credentials and other secret patterns using deterministic rules, and outputs a standardized bundle with a machine-readable manifest. The bundle is intended to be reviewed and then shared with external help (LLMs, vendors, contractors) without accidentally leaking credentials.
The tool itself runs entirely on your machine: no network calls, no telemetry, no session history. Redaction rules are fixed and auditable; the same inputs and rules produce the same output, making review and diffing possible.
This is not a sandbox, not an AI agent, and not a full incident response or forensic pipeline. It does not protect IP, does not guarantee safety against malicious recipients, and does not replace vendor due diligence. The goal is to reduce accidental oversharing under time pressure by making it trivial to produce a reviewable, constrained artifact.
I’m looking for feedback on threat-model boundaries, redaction guarantees, bundle/manifest design, and how people would integrate this into real incident or support workflows.