I built Quell because I realised how easy it is to mindlessly paste code containing live credentials into the chat interfaces of AI IDEs like Cursor, Windsurf, or AntiGravity. Existing tools like TruffleHog are great for scanning commits, but they do not intercept your clipboard before the cloud model sees it.
Quell acts as a 100% offline interceptor. If you copy an .env file or a block of code with a key, Quell swaps the secret for a safe placeholder like {{SECRET_xxx}}.
A few technical details on how it works:
Detection: It uses 75+ regex patterns and Shannon entropy analysis to catch highly random tokens that standard regex might miss.
Storage: The real values are sent to your OS Keychain (Windows Credential Manager, macOS Keychain, or libsecret) via the VS Code SecretStorage API. They are never written to disk in plain text.
Restoration: You can swap the placeholders back to the real keys locally with a single click when you need to run your app.
Zero Telemetry: It makes zero network calls. Your secrets never leave your machine.
It is open source under the MIT license. I would love to hear your thoughts on the approach and the entropy scanning implementation.
Sonofg0tham•1h ago
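The detect, placeholder and restore round trip the post describes, as an added TypeScript example that is not Quell's own code: two stand-in regex shapes, a Shannon entropy fallback, {{SECRET_n}} placeholders and a local vault. The patterns, the 4.0 bits/char threshold, the function names and the sample clipboard text are all assumptions made for this example.

```typescript
// Minimal offline redactor in the spirit of Quell (example code, not the extension's own):
// regex shapes plus Shannon entropy, {{SECRET_n}} placeholders, and a local vault for restore.
// Shannon entropy of a string in bits per character.
function shannonEntropy(s: string): number {
  if (s.length === 0) return 0;
  const counts: Record<string, number> = {};
  for (let i = 0; i < s.length; i++) counts[s[i]] = (counts[s[i]] || 0) + 1;
  let h = 0;
  Object.keys(counts).forEach((ch) => {
    const p = counts[ch] / s.length;
    h -= p * (Math.log(p) / Math.LN2);
  });
  return h;
}
// Two illustrative shape patterns standing in for the tool's 75+ (constructed here).
const SHAPE_PATTERNS: RegExp[] = [/AKIA[0-9A-Z]{16}/g, /ghp_[A-Za-z0-9]{36}/g];
// KEY=value in .env-style text: group 1 is the key name, group 2 the value.
const ENV_ASSIGNMENT = /\b([A-Z0-9_]*(?:KEY|SECRET|TOKEN|PASSWORD)[A-Z0-9_]*)\s*=\s*["']?([^\s"']+)/g;
// Entropy fallback for long opaque tokens that no shape pattern matched.
const ENTROPY_CANDIDATE = /[A-Za-z0-9+\/_\-]{20,}/g;
const ENTROPY_THRESHOLD = 4.0; // bits per char (assumed); tune against your own false positives
interface Redaction { text: string; vault: Record<string, string>; }
function redact(input: string): Redaction {
  const vault: Record<string, string> = {};
  let counter = 0;
  const placeholderFor = (secret: string): string => {
    const existing = Object.keys(vault).filter((ph) => vault[ph] === secret)[0];
    if (existing) return existing; // same secret seen twice gets the same placeholder
    const ph = "{{SECRET_" + (++counter) + "}}";
    vault[ph] = secret;
    return ph;
  };
  let text = input;
  SHAPE_PATTERNS.forEach((re) => { text = text.replace(re, (m) => placeholderFor(m)); });
  text = text.replace(ENV_ASSIGNMENT, (m, _key, val) =>
    val.indexOf("{{SECRET_") === 0 ? m : m.slice(0, m.length - val.length) + placeholderFor(val));
  text = text.replace(ENTROPY_CANDIDATE, (m) =>
    shannonEntropy(m) >= ENTROPY_THRESHOLD ? placeholderFor(m) : m);
  return { text: text, vault: vault };
}
// Local restore: placeholders back to real values (the real tool reads them from SecretStorage).
function restore(text: string, vault: Record<string, string>): string {
  return text.replace(/\{\{SECRET_\d+\}\}/g, (ph) => (ph in vault ? vault[ph] : ph));
}
// Constructed clipboard sample; AKIAIOSFODNN7EXAMPLE is AWS's documentation example key.
const SAMPLE_CLIPBOARD = "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\nDB_PASSWORD='hunter2'\n" +
  "session: Zx9kQ2mV7pL4tR8wB3nY\nnote: aaaaaaaaaaaaaaaaaaaaaaaa";
console.log(redact(SAMPLE_CLIPBOARD).text);
```

The low-entropy value hunter2 is caught only by the KEY=value pattern and the opaque session token only by the entropy pass, which is why the two layers complement each other.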