BeforePaste Open GitHub repo

BeforePaste

Scrub secrets before you paste into AI.

A local menu bar and tray app that rewrites sensitive clipboard content only when the destination is ChatGPT, Claude, Doubao, Codex, or another supported AI tool.

Download macOS build Download Windows build Open GitHub repo
Homebrew install brew install beforewire/tap/beforepaste
  • Local redaction
  • No clipboard history
  • No prompt upload
BeforePaste watch local
Clipboard .env copied 
OPENAI_API_KEY=sk-live-9f4e...
DATABASE_URL=postgres://admin:...
STRIPE_SECRET_KEY=sk_live_51...
Target Claude Desktop

AI destination matched. Rewrite paste payload locally.

Pasted into AI placeholders only 
OPENAI_API_KEY=[OPENAI_API_KEY]
DATABASE_URL=[DATABASE_URL]
STRIPE_SECRET_KEY=[STRIPE_SECRET_KEY]
3 secrets redacted Raw clipboard restored outside AI targets

The same clipboard needs two outcomes.

BeforePaste watches where the paste is going. Raw values still work in trusted secret-entry flows. AI targets receive typed placeholders that preserve context without handing over credentials.

Trusted destination

Keep the original value

Editors, `.env`, GitHub Secrets, Vercel Env, and other configured safe targets can receive raw secrets.

STRIPE_SECRET_KEY=sk_live_51...
AI destination

Paste a named placeholder

AI chat, desktop AI apps, and terminal coding agents get a readable placeholder instead of the secret.

STRIPE_SECRET_KEY=[STRIPE_SECRET_KEY]

Trust comes from what the app does not do.

Clipboard tools earn trust by staying small. BeforePaste should not become a hosted classifier, clipboard manager, or opaque security box.

Local detector Detection and rewrite run on the user's machine.
No prompt upload The clipboard payload is not sent to a cloud classifier.
No history mode The app handles the current paste flow. It is not a clipboard archive.
Positive target matching Unrecognized destinations keep normal paste behavior.
Pause when needed The menu bar or tray control keeps exceptional workflows explicit.

Built around the places people paste real work.

Start with common AI chats, coding agents, and local workflows. Add custom browser domains and app targets as your team standardizes.

AI chats ChatGPT Claude Gemini Doubao DeepSeek
Coding agents Codex Claude Code Gemini CLI
Trusted inputs .env GitHub Secrets Vercel Env local editors

Install the desktop app. Keep the CLI for repeatable redaction.

Signed macOS and Windows releases are being prepared. The public app repository remains the source for downloads, issues, release notes, and Homebrew installation.

Open macOS releases Open Windows releases
beforepaste 
brew install beforewire/tap/beforepaste
beforepaste init
beforepaste watch

BeforePaste protects what goes into AI.

BeforeWire governs what AI agents do next: external actions, tool calls, approvals, and evidence.

Visit BeforeWire