The privacy layer between your proprietary code and AI assistants.
Selectively extract • Anonymize on the fly • Scan for secrets • Collaborate with AI • Push back cleanly.
Repo Cloak lets you bring AI coding assistants (GitHub Copilot, Cursor, ChatGPT, Claude, etc.) into proprietary or NDA-bound codebases without ever exposing the real source repos. You pick the files you need, Repo Cloak anonymizes and aggregates them into a sandboxed "cloaked" workspace, you collaborate with AI freely, then push the results back to the originals, fully de-anonymized, when you're done.
Your source code never leaves your machine. The mapping is AES-256-GCM encrypted. The AI only ever sees the cloaked alias.
| Problem | Repo Cloak |
|---|---|
| AI assistants need context, but your repo is under NDA | Anonymized, sandboxed workspace AI can read freely |
| Multiple repos (frontend / backend / microservices) need cross-cutting changes | Pull from many sources into one cloaked workspace |
| Manual find/replace before sharing code is error-prone | Casing-aware anonymization with reversible mappings |
| Risk of leaking secrets to AI | Built-in 20+ pattern secret scanner blocks pulls |
| Translating AI output back to original names is tedious | One-click Push restores original names everywhere |
| Copilot Chat needs more files mid-task | LM Tools let Copilot probe and request files; you confirm |
- Pull selected files from any number of source repositories into a single cloaked workspace.
- Each source is tracked under a label (e.g. `frontend`, `auth-service`, `payments-api`).
- Sources can be added, removed, and re-pulled independently.
- Define keyword replacements once (e.g. `AcmeCorp → ClientA`, `myCompanyName → projectName`).
- Engine respects and rewrites every casing variant automatically: `camelCase`, `PascalCase`, `kebab-case`, `snake_case`, `SCREAMING_SNAKE`, `Title Case`, raw lowercase/uppercase.
- Applied to file contents AND file paths: directories, filenames, and code identifiers are all cloaked.
- Fully reversible on push: cloaked names → original names everywhere.
- All source paths, replacements, and per-file translation tables are stored AES-256-GCM encrypted at rest.
- Encryption secret managed via VS Code SecretStorage (OS keychain); never hits disk in plain text.
- Mapping is the only file shared between source and cloak; without the secret it's opaque.
- Every file is scanned before entering the cloaked workspace.
- Detects 20+ patterns: AWS keys, GitHub/GitLab tokens, Stripe keys, Slack tokens, JWTs, private keys (RSA/EC/PGP/OpenSSH), passwords, connection strings, Bearer tokens, API keys, and more.
- Files containing secrets are blocked from being copied with a detailed report (file + line + type).
- Forces you to remediate at the source: secrets never enter the cloak, never reach the AI.
- Right-click any file → Ban from Cloak to permanently exclude it from all future pulls.
- Per-source ban list, encrypted alongside the mapping.
- Banned files are flagged in probe results so AI tools don't keep asking for them.
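The pre-pull secret gate described in the list above can be sketched as follows. This is an added example, not Repo Cloak's own code: the function names are hypothetical, the five patterns are a small subset of widely published token formats rather than the extension's 20+ pattern list, and the sample files are constructed.

```javascript
// Added example: hypothetical names; a small subset of publicly documented formats.
const PATTERNS = [
  { type: 'AWS access key ID', re: /\bAKIA[0-9A-Z]{16}\b/ },
  { type: 'GitHub token', re: /\bgh[pousr]_[A-Za-z0-9]{36,}\b/ },
  { type: 'Private key', re: /-----BEGIN (?:RSA |EC |OPENSSH |PGP )?PRIVATE KEY(?: BLOCK)?-----/ },
  { type: 'JWT', re: /\beyJ[\w-]+\.eyJ[\w-]+\.[\w-]+/ },
  { type: 'Connection string with password', re: /\b[a-z][a-z0-9+]*:\/\/[^\s:@\/]+:[^\s@\/]+@/i },
];

// Report file, 1-based line and type only; the matched value is never echoed.
function scanFile(file, content) {
  const hits = [];
  content.split(/\r?\n/).forEach((text, i) => {
    for (const { type, re } of PATTERNS) {
      if (re.test(text)) hits.push({ file, line: i + 1, type });
    }
  });
  return hits;
}

// A file with any hit is blocked as a whole; only clean files may be copied.
function gatePull(files) {
  const allowed = [];
  const blocked = [];
  for (const [file, content] of Object.entries(files)) {
    const hits = scanFile(file, content);
    if (hits.length > 0) blocked.push(...hits);
    else allowed.push(file);
  }
  return { allowed, blocked };
}

// Constructed sample input (AKIAIOSFODNN7EXAMPLE is AWS's documentation placeholder).
const SAMPLE_FILES = {
  'src/app.js': 'const port = 3000;\nmodule.exports = { port };',
  'config/aws.js': '// region settings\nconst id = "AKIAIOSFODNN7EXAMPLE";',
  'src/db.js': 'const url = "postgres://svc:hunter2@db.internal:5432/app";',
};
console.log(gatePull(SAMPLE_FILES));
```

Keeping the matched value out of the report matters because the report itself may end up in logs or chat.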
Multiple ways to bring code in:
| Mode | When to use |
|---|---|
| Pull (Tree View) | Visual file picker with search, select-all/none, and a confirm bar. |
| Pull from Git Changes | Pull only what's uncommitted or recently modified, perfect for resuming work. |
| Force Pull (per source) | Silent re-sync of every previously-pulled file from one source. |
| Force Pull All Sources | One-shot refresh across every source after a git pull upstream. |
| Pull Source (programmatic) | Pull a known file list without prompts (used by AI tools). |
Orphan policy is configurable: when a previously-pulled file vanishes upstream, choose to prompt, delete, or keep.
- Push: restore selected modified files back to their source repos with full de-anonymization.
- Push All Sources: push everything that's changed across every source in one click.
- Force Push (per source): overwrite the source with everything currently in the cloak for that source.
- Cloaked workspace can be automatically initialized as a git repo.
- Every pull/push is recorded as a clean, descriptive commit (`Repo Cloak: pulled 4 files from frontend`).
- Three modes: `full` (init + commit), `commit-only` (commit if repo exists), `off` (don't touch git).
- Gives you a clean, auditable history of every cloaked operation.
- Detects files in the cloak that no longer exist in the source.
- Interactive resolver lets you delete, keep, or re-map them.
- Keeps the mapping consistent and prevents push-time surprises.
- Save your anonymization rule sets (e.g. `acme-presets`, `internal-tools`) and reapply them across new sources.
- Manage via the Manage Replacement Presets command.
- Share presets with teammates without sharing the actual code.
- Generate PR Summary: produces a polished pull-request description from the current cloaked diff.
- Restores original names so the summary is ready to paste into your real PR.
- Multiple PR templates (concise, detailed, conventional), managed via Manage PR Summary Templates.
- Copy for AI: bundles selected files into a single, neatly-formatted block ready to paste into ChatGPT, Claude, etc.
- Includes file path headers and language fences automatically.
- All anonymized, safe to paste anywhere.
- On first pull, Repo Cloak writes a contextual `AGENTS.md` into the cloaked workspace.
- Tells the AI: this is a sandboxed cloak, here are the source labels, here's what to keep in mind.
- Compatible with Copilot's `AGENTS.md` convention and Cursor rules.
A first-class VS Code Chat participant. Commands:
- `/sources`: list configured sources (labels + file counts only, no paths).
- `/pull`: start a pull flow inside chat.
- `/presets`: list available replacement presets.
- `/pr-summary`: draft a PR summary right in chat.
- `/help`: what can I do here?
Two tools Copilot Chat will discover and use automatically:
Copilot guesses a path or filename → tool reports whether it exists in any cloaked source.
- Returns `matchType`: `exact` / `basename` / `substring`
- Returns `status`: `available` / `already-pulled` / `banned`
- Privacy guard: never returns directory listings, only matches for what was guessed.
Copilot submits `{sourceLabel, relativePaths[], reason}`.
- VS Code shows a native modal listing the files + reason.
- On approval, files run through the full anonymize → secret-scan → mapping → commit pipeline.
- You are always the gatekeeper. Copilot can ask, you decide.
- Dedicated tree view with search, select-all, deselect-all, and a sticky Confirm bar.
- Inline Ban action on every file row.
- Title-bar buttons for every common action.
- Webview dashboard in the Activity Bar (shield icon).
- Live source list with file counts.
- Quick-access buttons for pull, push, force operations, presets, AI bundle, PR summary.
```
+------------------------+   [1] Extract,      +------------------------+
|      Source Repos      | ------------------> |   Cloaked Workspace    |
|  (NDA / proprietary)   |   anonymize,        |     (safe for AI)      |
|                        |   secret-scan       |                        |
|                        | <------------------ |                        |
+-----------+------------+   [3] De-anonymize  +-----------+------------+
            |                & push back                   |
            |                                              | [2] AI works
            | [0] Configure sources,                       |     on cloaked code
            |     replacements, ban list                   |     (Copilot / Cursor /
            |                                              |      ChatGPT / Claude)
+-----------v------------+                     +-----------v------------+
|   Repo Cloak Engine    | <---- LM Tools ---- |      Copilot Chat      |
|  AES-256-GCM mapping   |   probe + request   |    (auto-discovers     |
|   + secret scanner     |   (user confirms)   |         tools)         |
+------------------------+                     +------------------------+
```
Install Repo Cloak from the VS Code Marketplace, or sideload:
```bash
code --install-extension repo-cloak-1.1.0.vsix
```

Open a brand new empty folder in VS Code. This becomes your cloak. Do not use one of your real repos.
Click the 🛡️ shield icon in the Activity Bar → Repo Cloak → Dashboard.
Run Repo Cloak: Add Source Repository → pick a label (e.g. frontend) → select the source repo folder.
Run Repo Cloak: Add Keyword Replacement → add pairs like AcmeCorp → ClientA, internalProductName → genericProduct. Casing variants handled automatically.
Run Repo Cloak: Pull - Extract & Anonymize Files → tree view opens → search/select files → click the ✅ in the title bar.
Or use Pull from Git Changes to grab only what's modified.
Open Copilot Chat / Cursor / paste into ChatGPT. The AI sees only the cloaked code. With Copilot, the LM Tools mean it can ask for more files mid-conversation; you confirm each pull.
Run Repo Cloak: Push - Restore Files → select the cloaked files you want to push → Repo Cloak rewrites them back to original names and writes them to the source repos.
Run Repo Cloak: Generate PR Summary → get a polished, de-anonymized markdown summary ready for your PR.
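What "casing variants handled automatically" means for the `AcmeCorp → ClientA` pair, and when the reverse rewrite on push can fail, as an added example. It is not Repo Cloak's implementation: all function names are hypothetical and the sample string is constructed.

```javascript
// Added example with hypothetical helper names; not Repo Cloak's actual engine.
// "myCompanyName" / "my-company-name" / "MY_COMPANY_NAME" -> ["my", "company", "name"]
function words(id) {
  return id.replace(/([a-z0-9])([A-Z])/g, '$1 $2')
    .split(/[\s_-]+/).filter(Boolean).map((w) => w.toLowerCase());
}
const cap = (w) => w[0].toUpperCase() + w.slice(1);
// One renderer per casing style the page lists.
const STYLES = [
  (w) => w.map((x, i) => (i ? cap(x) : x)).join(''), // camelCase
  (w) => w.map(cap).join(''),                        // PascalCase
  (w) => w.join('-'),                                // kebab-case
  (w) => w.join('_'),                                // snake_case
  (w) => w.join('_').toUpperCase(),                  // SCREAMING_SNAKE
  (w) => w.map(cap).join(' '),                       // Title Case
  (w) => w.join(''),                                 // raw lowercase
  (w) => w.join('').toUpperCase(),                   // raw uppercase
];
// [from, to] pairs: every casing of the original mapped to the same casing of the alias.
function variantPairs(original, alias) {
  const from = words(original);
  const to = words(alias);
  return [...new Map(STYLES.map((style) => [style(from), style(to)]))];
}
// Single-pass rewrite, longest key first so a short variant cannot match inside a longer one.
function rewrite(text, pairs) {
  const esc = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
  const sorted = [...pairs].sort((a, b) => b[0].length - a[0].length);
  const table = new Map(sorted);
  const re = new RegExp(sorted.map(([from]) => esc(from)).join('|'), 'g');
  return text.replace(re, (match) => table.get(match));
}
const cloak = (text, o, a) => rewrite(text, variantPairs(o, a));
const uncloak = (text, o, a) => rewrite(text, variantPairs(o, a).map(([f, t]) => [t, f]));
// The round trip is only lossless if no alias variant already occurs in the source.
function aliasCollides(text, o, a) {
  return variantPairs(o, a).some(([, to]) => text.includes(to));
}

// Constructed sample input.
const SAMPLE = 'class AcmeCorpClient { acme_corp_id; ACME_CORP_URL; }';
console.log(cloak(SAMPLE, 'AcmeCorp', 'ClientA'));
console.log(cloak('src/acme-corp/AcmeCorpService.ts', 'AcmeCorp', 'ClientA'));
```

A single-word alias collapses several casing variants into one string, which also breaks reversibility; a multi-word alias that appears nowhere in the source avoids both problems.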
| Command | Purpose |
|---|---|
| `Repo Cloak: Pull - Extract & Anonymize Files` | Visual tree-picker pull |
| `Repo Cloak: Pull from Git Changes` | Pull only uncommitted / recently-changed files |
| `Repo Cloak: Force Pull Source` | Silent re-sync of all previously-pulled files for one source |
| `Repo Cloak: Force Pull All Sources` | Re-sync every source in one shot |
| `Repo Cloak: Pull Files for Source` | Pull a known set of files (programmatic) |

| Command | Purpose |
|---|---|
| `Repo Cloak: Push - Restore Files` | Push selected cloaked files back, de-anonymized |
| `Repo Cloak: Push All Sources` | Push everything changed across every source |
| `Repo Cloak: Force Push Source` | Overwrite a source with everything currently in the cloak for it |

| Command | Purpose |
|---|---|
| `Repo Cloak: Add Source Repository` | Register a new source under a label |
| `Repo Cloak: Remove Source` | Unregister a source |
| `Repo Cloak: Add Keyword Replacement` | Add an anonymization rule |
| `Repo Cloak: Remove Keyword Replacement` | Remove an anonymization rule |
| `Repo Cloak: Manage Replacement Presets` | Save/load preset rule packs |

| Command | Purpose |
|---|---|
| `Repo Cloak: Copy for AI` | Bundle selected files into a paste-ready block |
| `Repo Cloak: Generate PR Summary` | Auto-draft a PR description from your diff |
| `Repo Cloak: Manage PR Summary Templates` | Configure summary templates |
| `Repo Cloak: Resolve Orphaned Files` | Reconcile stale mapping entries |
| Ban from Cloak (right-click in Explorer) | Permanently exclude a file from pulls |

Configure in settings.json under the Repo Cloak section:
| Layer | Protection |
|---|---|
| Local-first | Nothing ever leaves your machine. No telemetry. No network calls. |
| Encrypted mapping | .repo-cloak-map.json is AES-256-GCM encrypted. The key lives in VS Code SecretStorage (OS keychain). |
| Secret scanning | 20+ pattern scanner runs before any file enters the cloak. Hits = blocked + reported. |
| Anonymization | Source identifiers replaced everywhere (paths + contents) before AI ever sees the code. |
| Ban list | Per-source persistent denylist for files you never want exposed. |
| LM Tool boundary | Copilot can probe/request, but every write requires user confirmation. No directory listings ever exposed. |
| Audit trail | Optional auto-commits in the cloaked workspace give you a verifiable history of every pull/push. |
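
The "Encrypted mapping" layer pairs a key derived from the stored secret with AES-256-GCM; the added example below (not the extension's code) shows that combination with scrypt and Node's `crypto` module, including what happens on a wrong secret or a modified file. The blob layout `salt | iv | tag | ciphertext`, the function names and the sample mapping are assumptions.

```javascript
const crypto = require('node:crypto');

// Assumed layout, not Repo Cloak's documented format:
// salt (16 bytes) | iv (12 bytes) | auth tag (16 bytes) | ciphertext
function sealMapping(mapping, secret) {
  const salt = crypto.randomBytes(16);           // fresh per write
  const iv = crypto.randomBytes(12);             // never reuse an IV with the same key
  const key = crypto.scryptSync(secret, salt, 32);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(mapping), 'utf8'), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), ct]);
}

function openMapping(blob, secret) {
  if (blob.length < 44) throw new Error('mapping blob too short');
  const salt = blob.subarray(0, 16);
  const iv = blob.subarray(16, 28);
  const tag = blob.subarray(28, 44);
  const key = crypto.scryptSync(secret, salt, 32);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv, { authTagLength: 16 });
  decipher.setAuthTag(tag);
  // final() throws if the secret is wrong or any byte of the blob was altered.
  const pt = Buffer.concat([decipher.update(blob.subarray(44)), decipher.final()]);
  return JSON.parse(pt.toString('utf8'));
}

// Returns null instead of throwing, so callers can refuse to push on failure.
function tryOpen(blob, secret) {
  try {
    return openMapping(blob, secret);
  } catch {
    return null;
  }
}

// Constructed sample mapping and secret.
const SAMPLE_MAPPING = {
  replacements: [['AcmeCorp', 'ClientA']],
  sources: { frontend: '/repos/acme-frontend' },
};
const sealed = sealMapping(SAMPLE_MAPPING, 'constructed-demo-secret');
console.log(sealed.length, tryOpen(sealed, 'wrong-secret'));
```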
- Enterprise AI adoption: let your dev team use Copilot/Cursor on NDA codebases without legal panic.
- Cross-repo refactors: pull the relevant slice from frontend, backend, and infra into one workspace; refactor with AI; push back.
- Bug reproductions: ship a cloaked, sanitized repro to a vendor or open-source maintainer.
- AI-assisted code review: paste the cloaked diff into ChatGPT/Claude for a second opinion.
- Onboarding: generate a cloaked, focused slice for new hires to learn from without dropping the whole org's IP in their lap.
- Security audits: extract just the auth/payments modules into a sandbox for an external auditor.
- TypeScript (strict) targeting VS Code `^1.95.0`
- Node crypto: AES-256-GCM, scrypt key derivation, VS Code SecretStorage
- VS Code APIs: TreeDataProvider, Webview, Chat Participant, Language Model Tools, FileSystemWatcher
- Zero runtime dependencies beyond Node + VS Code
- MIT licensed: fork it, ship it, audit it
- ✅ Multi-source aggregation with per-source labels
- ✅ Casing-aware reversible anonymization (7+ casing variants)
- ✅ AES-256-GCM encrypted mapping with OS-keychain-backed secret
- ✅ 20+ pattern secret scanner (pre-pull blocking)
- ✅ Per-source ban list
- ✅ Pull (tree picker) + Pull from Git Changes
- ✅ Force Pull (per source + all sources)
- ✅ Push + Push All + Force Push
- ✅ Cloaked-workspace auto-git with descriptive commits (`full` / `commit-only` / `off`)
- ✅ Orphan resolver with configurable policy (`prompt` / `delete` / `keep`)
- ✅ Replacement presets (save / load / share)
- ✅ PR Summary generator with templates (de-anonymized output)
- ✅ Copy-for-AI bundler
- ✅ AGENTS.md auto-generation for Copilot/Cursor context
- ✅ `@repo-cloak` chat participant (`/sources`, `/pull`, `/presets`, `/pr-summary`, `/help`)
- ✅ Language Model Tools for Copilot auto-discovery: `repo_cloak_probe_file` + `repo_cloak_request_pull` (v1.1.0)
- ✅ Sidebar webview dashboard + dedicated file tree view with search & bulk-select
Issues and PRs welcome at github.com/iamshz97/repo-cloak-vs-code.
See development-guide.md for local dev setup and PUBLISH.md for the release flow.
Built by Shazni Shiraz • MIT Licensed • v1.1.0
Bring AI into every codebase. Leave the secrets behind.
```jsonc
{
  // What to do when Force Pull finds files missing from the source.
  // "prompt" (default) | "delete" | "keep"
  "repo-cloak.forcePull.orphanPolicy": "prompt",
  // Auto-commit every pull/push to the cloaked workspace's git repo.
  // "full" (default): init + commit | "commit-only": only if repo exists | "off": never touch git
  "repo-cloak.git": "full"
}
```