Sieve – scans Cursor/Claude chat history for leaked API keys

TLDR

  • Mac app ($9.99) that locally scans AI coding assistant chat histories for leaked API keys, tokens, and passwords across Claude Code, Cursor, Windsurf, Copilot, and Codex.

Key Takeaways

  • Scans ~/.claude/, Application Support/Cursor/, .vscdb SQLite files, and .env directories; all processing stays on-device with no network requests.
  • Ships with a local MCP server for Claude Code so Claude can query findings and inject vault credentials without ever seeing raw secret values.
  • Redaction writes directly into VS Code SQLite chat databases with a timestamped backup created before any changes.
  • Vault stores rotated keys in macOS Keychain only; copying a value requires Touch ID or login password, and values are never displayed in the UI.
  • SieveCore is open source; no account, no telemetry, no cloud sync required.
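
The scan-and-redact flow described in the takeaways above, as an added Python example that is not Sieve's or SieveCore's code. It assumes the chat database is a SQLite file with a key/value table named `ItemTable`; the two patterns, the function names and the sample rows are constructed for illustration.

```python
import re, sqlite3, time
from contextlib import closing
from pathlib import Path

# Two well-known token shapes; a real scanner carries many more rules.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
}
TABLE = "ItemTable"  # assumed key/value table name

def as_text(value):
    return value.decode("utf-8", "replace") if isinstance(value, bytes) else str(value)

def make_sample(db_path):
    """Constructed sample database; the access key is a documentation placeholder."""
    with closing(sqlite3.connect(db_path)) as con, con:
        con.execute(f'CREATE TABLE "{TABLE}" (key TEXT PRIMARY KEY, value BLOB)')
        con.executemany(f'INSERT INTO "{TABLE}" VALUES (?, ?)', [
            ("chat.1", b'{"text":"export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE"}'),
            ("chat.2", '{"text":"how do I paginate this query?"}'),
        ])

def scan(db_path):
    """Return (row key, rule name) pairs; matched secret values are never returned."""
    uri = Path(db_path).resolve().as_uri() + "?mode=ro"  # read-only open
    with closing(sqlite3.connect(uri, uri=True)) as con:
        rows = con.execute(f'SELECT key, value FROM "{TABLE}"').fetchall()
    return [(k, name) for k, v in rows
            for name, rx in PATTERNS.items() if rx.search(as_text(v))]

def redact(db_path):
    """Write a timestamped backup, then mask matches in place. Returns (backup, rows changed)."""
    db_path = Path(db_path)
    backup = db_path.with_name(f"{db_path.name}.{time.strftime('%Y%m%dT%H%M%S')}.bak")
    with closing(sqlite3.connect(db_path)) as con:
        with closing(sqlite3.connect(backup)) as dst:
            con.backup(dst)  # consistent copy, including pages still in the WAL
        changed = 0
        with con:  # single transaction: every matching row is updated or none is
            for key, value in con.execute(f'SELECT key, value FROM "{TABLE}"').fetchall():
                text = new = as_text(value)
                for name, rx in PATTERNS.items():
                    new = rx.sub(f"[REDACTED:{name}]", new)
                if new != text:
                    out = new.encode() if isinstance(value, bytes) else new
                    con.execute(f'UPDATE "{TABLE}" SET value=? WHERE key=?', (out, key))
                    changed += 1
    return backup, changed
```

The backup still holds the unredacted values, so it needs the same protection as the original file until the exposed keys are rotated. Run a redaction like this only while the editor that owns the database is closed.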

Hacker News Comment Review

  • No substantive HN discussion yet; one commenter noted the problem is real but raised the broader workflow gap of integrating secrets management (SOPS + age) earlier in the AI-assisted dev loop rather than scanning after the fact.
