shutapp›|

The Shutapp CLI ships in the shutapppackage on PyPI. Install it with pip. That's the whole setup.

pip install shutapp
shutapp --version

Keep using Claude Code normally. Shutapp injects ANTHROPIC_BASE_URL for the child process, so Claude talks to the local proxy first.

shutapp claude

# pass Claude args through unchanged
shutapp claude -- --model claude-sonnet-4-5

Shutapp catches over 200 kinds of secrets: API keys, tokens, passwords, database URLs, private keys, cloud credentials, and Financials. It redacts the real value while leaving harmless example values in your docs alone.

# Anthropic sees:
Deploy with [ANTHROPIC_KEY_1] and card [CREDIT_CARD_1]

# Local tools receive the real values again when needed.

This is not just what you type. When Claude Code reads a file, runs a command, or uses a tool, any secret in that text is redacted the same way before it reaches the model.

shutapp claude [--session-id ID] [--no-redact] [--] [claude args]
shutapp session list
shutapp session show <ID>
shutapp session purge <ID> --yes
shutapp detectors list [--batch A] [--family cloud] [--json]
shutapp status

Session commands are value-free: they show ids, timestamps, placeholder counts, and detector types, never the vault contents.

Everything runs locally on your machine. Shutapp never needs your provider key, and your secrets never leave your machine. They stay in a local session vault and are swapped for placeholders before anything reaches the model.

shutapp session list
shutapp session show <session-id>
shutapp session purge <session-id> --yes

Paste a secret into Claude Code and you'll still see it on your screen. That's your own terminal, on your machine. The model never receives it. Ask Claude to repeat it back and it can't. It only ever saw a placeholder.

you    ›  my key is sk-ant-api03-9F4xC7L2bN…
you    ›  what key did I just give you?
claude ›  I only received [ANTHROPIC_KEY_1], never the real value.