Metadata-Version: 2.4
Name: shutapp-cli
Version: 0.1.0
Summary: Local Claude Code privacy wrapper: value-first secret redaction proxy.
Author: Shutapp
License-Expression: MIT
Project-URL: Homepage, https://shutapp.world/cli
Project-URL: Documentation, https://shutapp.world/cli
Project-URL: Source, https://github.com/Itaib24/Guardom
Keywords: secrets,pii,privacy,claude,claude-code,anthropic,redaction,proxy
Classifier: Development Status :: 3 - Alpha
Classifier: Intended Audience :: Developers
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Security
Requires-Python: >=3.10
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: httpx<1.0,>=0.27
Requires-Dist: pyyaml<7.0,>=6.0
Requires-Dist: aiohttp<4.0,>=3.9
Provides-Extra: dev
Requires-Dist: pytest>=8; extra == "dev"
Requires-Dist: pytest-asyncio>=0.23; extra == "dev"
Dynamic: license-file

# Shutapp CLI

Shutapp CLI is a local privacy wrapper for Claude Code. It runs `claude`
through a localhost Anthropic-compatible proxy so secrets are redacted before
they reach Anthropic, then rehydrated only for local tool execution.

It is separate from the Shutapp hosted API/SDK flow. The CLI is for developers
who want local value-first redaction around Claude Code sessions.

## Install

```powershell
py -m pip install --user pipx
py -m pipx ensurepath
py -m pipx install "git+https://github.com/Itaib24/Guardom.git#subdirectory=shutapp"
shutapp-cli --version
```

`pipx install shutapp-cli` is the intended PyPI command, but it only works after the
public PyPI package is published.

For local development:

```powershell
pip install -e .[dev]
shutapp-cli status
```

## Run Claude Code

```powershell
shutapp-cli claude
```

Useful commands:

```powershell
shutapp-cli session list
shutapp-cli session show <session-id>
shutapp-cli session purge <session-id> --yes
shutapp-cli detectors list --batch A
shutapp-cli status
```

## Security Model

- Shutapp never needs your Anthropic provider key.
- Anthropic-bound text receives stable placeholders such as `[ANTHROPIC_KEY_1]`.
- The reversible vault stays local and session-scoped.
- Normal assistant text remains placeholdered; local tool inputs are rehydrated
  so Bash, Write, and similar tools can still run.
- `--no-redact` is a debug escape hatch and should not be used for real secret
  handling.

## Detector Coverage

The bundled registry uses value-first rules:

- Strong vendor prefixes redact immediately.
- Checksum-backed financial, identity, crypto, and regulated values use
  validators.
- Weak shapes require context within the engine window.
- Generic fallbacks are last-resort only.

Start with:

- `docs/CLI.md`
- `docs/SECURITY.md`
- `docs/DETECTORS.md`
- `docs/PACKAGING.md`
- `docs/DETECTOR_VERIFICATION.md`

## Build And Test

```powershell
python -m pytest tests -q
python -m build
python -m twine check dist/*
```
