5 Commits

Author SHA1 Message Date
rootiest 44f06a33e1 docs(readme): fix broken links and code block formatting in readme
docs: fix remaining formatting bugs

docs: tweak a couple lingering nitpicks
2026-06-20 02:59:20 -04:00
rootiest 5462d0fee3 feat: stateless AES-256-GCM crypto tokens with SSE-aware detokenization
Replace the in-memory token map with self-contained cryptographic tokens.
ggshield-flagged secrets are encrypted with AES-256-GCM under a persistent
256-bit master key; the placeholder carries IV ++ authTag ++ ciphertext as
hex, so the proxy is stateless and resolves tokens across restarts and
replayed chat histories.

The streaming detokenizer now parses SSE content_block_delta events and
reassembles placeholders fragmented across many deltas — a raw byte scan
can't bridge the interleaved event/JSON framing. Plain JSON responses keep
the simpler contiguous byte scan.

The master key is generated 0600 on first run at
~/.config/claude-tokenization-proxy/master.key (override GG_MASTER_KEY_FILE);
deleting it makes existing tokens unrecoverable.
2026-06-20 02:29:38 -04:00
rootiest afb739f061 docs: add systemd user service and persistent env setup
Add templates/claude-tokenization-proxy.service (systemd user unit that runs
the proxy at login, restarts on failure) and README sections covering its
installation, lingering for boot-before-login, and permanently setting
ANTHROPIC_BASE_URL across fish, bash/zsh, and environment.d.
2026-06-19 23:19:00 -04:00
rootiest d6f9a51513 docs(readme): fix formatting in diagram 2026-06-20 02:52:01 +00:00
rootiest bd138a8d12 feat: claude-code tokenization proxy with ggshield DLP
Local DLP proxy between claude-code and the Anthropic API. Scans outgoing
/v1/messages bodies with ggshield, swaps detected secrets for opaque
placeholder tokens, and restores them in the streamed SSE response on the fly.

Licensed under AGPL-3.0-or-later.
2026-06-19 22:48:45 -04:00