Skip to content

PAIArtCom/Veil

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

59 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Veil

Local de-identification for AI coding agents.

English | 简体中文

Veil is a local de-identification proxy for AI coding agents. It masks secrets and PII before Claude Code or Codex traffic leaves your machine, then restores real values locally on the way back. The provider sees only deterministic reversible tokens. Your workflow stays unchanged.

Status License Platform
v0.1.3 Apache-2.0 macOS · Linux · Windows (amd64 / arm64)

Install

For most users, npm is the shortest path. It installs the Veil command and downloads the matching release binary for your platform.

npm / Node.js toolchains

npm i -g @paiart/veil

Works on macOS, Linux, and Windows. The correct binary for your platform is downloaded automatically from the matching GitHub Release during install.

macOS and Linux

curl -fsSL https://veil.paiart.com/install.sh | sh

Install a specific version or to a custom directory:

curl -fsSL https://veil.paiart.com/install.sh | VEIL_VERSION=v0.1.3 sh
curl -fsSL https://veil.paiart.com/install.sh | VEIL_INSTALL_DIR="$HOME/bin" sh

macOS — Homebrew

brew tap PAIArtCom/veil
brew install veil

The tap is published by stable release automation to PAIArtCom/homebrew-veil.

Windows — PowerShell

irm https://veil.paiart.com/install.ps1 | iex

The binary is placed in %USERPROFILE%\.veil\bin and added to your user PATH.

Go install

go install github.com/PAIArtCom/Veil/cmd/veil@latest

Build from source

Use this only when developing or testing an unreleased checkout.

git clone https://github.com/PAIArtCom/Veil.git
cd Veil
go build -o ./bin/veil ./cmd/veil

Pre-built binaries for all platforms are also available on the releases page.


Let your AI agent set it up

Paste this into your AI assistant and it will handle the full installation:

Install and configure Veil for me (https://github.com/PAIArtCom/Veil). Veil is a
local proxy that replaces API keys, database passwords, and other sensitive values
in prompts with placeholders before they reach AI providers, then restores real
values locally on the way back.

Please complete these steps:
① install Veil with `npm i -g @paiart/veil`;
② confirm `veil version` works;
③ install and start the background service with `veil service install`;
④ create or update `~/.claude/settings.json` so `env.ANTHROPIC_BASE_URL` is `http://127.0.0.1:8787`;
⑤ verify with test value `postgresql://app:s3cr3t@localhost:5432/mydb` that masking works;
⑥ summarize how to use Veil day-to-day.

Fix any errors and continue without stopping to ask me.

After it finishes, restart Claude Code. For Codex, the config is slightly different — see Quickstart below.

What changes

# Without Veil — what your model provider receives today:
"...connect to postgresql://app:s3cr3t@db.internal:5432/mydb..."
"export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE"

# With Veil — what your model provider receives:
"...connect to PAIArtVeil_SECRET_a1b2c3d4..."
"export AWS_ACCESS_KEY_ID=PAIArtVeil_SECRET_e5f6g7h8..."

Real values are restored locally before your terminal, files, or tool calls see the response.

Quickstart

After installing Veil, install the background service once and point your AI tool at the local base URL. You should not have to run veil proxy every time.

veil service install
veil status

veil service install creates a user-level background service on macOS (launchd), Linux (systemd --user), or Windows (Task Scheduler) that runs the localhost proxy after login. Use veil restart after changing service options.

Daily service commands:

veil status              # check the local proxy
veil restart             # restart after config changes
veil service stop        # stop the background proxy
veil service start       # start it again
veil service uninstall   # remove the OS service

Claude Code:

Add this to ~/.claude/settings.json:

{
  "env": {
    "ANTHROPIC_BASE_URL": "http://127.0.0.1:8787"
  }
}

Codex CLI:

veil service install --force --upstream https://api.openai.com

Add to ~/.codex/config.toml:

model_provider = "veil"

[model_providers.veil]
name     = "Veil"
base_url = "http://127.0.0.1:8787/v1"
wire_api = "responses"
env_key  = "OPENAI_API_KEY"

That's it. Your credentials still flow to the provider unchanged — only sensitive values in request and response bodies are masked.

Codex CLI with OpenRouter:

Use OpenRouter through the Responses API path. The upstream base is https://openrouter.ai/api, so Codex's /v1/responses request becomes OpenRouter's /api/v1/responses request.

You can keep the background service on its default upstream and put OpenRouter directly in the local base URL:

model_provider = "veil-openrouter"

[model_providers.veil-openrouter]
name     = "Veil OpenRouter"
base_url = "http://127.0.0.1:8787/veil/upstream=https://openrouter.ai/api/v1"
wire_api = "responses"
env_key  = "OPENAI_API_KEY"

Codex appends /responses, so Veil forwards to https://openrouter.ai/api/v1/responses. No URL escaping or extra upstream command is required.

Do not point Chat Completions clients at Veil yet. Unsupported endpoints fail closed instead of being forwarded without verified masking.

What Veil protects

Veil detects and masks these types before provider egress, then restores them locally:

Type Examples
Secrets API keys, tokens, passwords, connection strings
Email user@example.com
Phone +1 555 123 4567
IPv4 / IPv6 192.168.1.1, 2001:db8::1
Payment cards 4111 1111 1111 1111
Account numbers Bank and financial identifiers
URLs https://internal.company.com/api
Dates Off by default — opt in via policy if needed
Names / addresses Off by default — opt-in L2 semantic detection

Supported in v0.1.3:

  • Claude Code via Anthropic Messages (/v1/messages)
  • Codex CLI via OpenAI Responses (/v1/responses)
  • OpenRouter via Codex CLI and OpenRouter Responses (/api/v1/responses)
  • Go SDK integrations via github.com/PAIArtCom/Veil

Not yet supported: Chat Completions clients, Gemini, remote MCP egress classification, OCR, document parsing, attachment rewriting, or provider thinking/control traces.

How it works

your coding tool
  → Veil masks sensitive fields on localhost
  → provider sees PAIArtVeil_<TYPE>_<id> tokens only
  → provider response returns tokens
  → Veil restores real values locally
  → your terminal, files, and tool calls use real values

Security properties:

  • Local only — the proxy binds to 127.0.0.1. No relay, no cloud, no credentials stored by Veil.
  • Fail closed — parsing errors, detection errors, policy violations, or unsupported endpoints block the request rather than forwarding plaintext.
  • Deterministic tokens — the same value maps to the same token within a scope, so multi-turn context and prompt-cache behavior survive masking.
  • Reversible locally — the model sees tokens; your tools and files get real values.
  • No telemetry — the engine never phones home.

Policy

A local policy file lets you choose per-type behavior:

{
  "default_operator": "token",
  "types": {
    "EMAIL": {"operator": "ignore"},
    "SECRET": {"operator": "block"}
  }
}

Load with --policy /path/to/policy.json, the VEIL_POLICY environment variable, or place it at ~/.veil/policy.json to auto-load.

Operator Behavior
token Replace with reversible token (default)
ignore Leave value unmodified
block Refuse the request entirely

Verify your setup

Test with a throwaway value — never a real credential:

postgresql://app:s3cr3t@localhost:5432/mydb

Ask your agent to use this string in a local task, then confirm:

  • Provider-bound text contains PAIArtVeil_... tokens, not the test value
  • Local tool calls receive the restored connection string
  • Files written by the agent contain no unresolved PAIArtVeil_ tokens
  • The proxy is still listening only on 127.0.0.1

Full verification steps: Claude Code guide · Codex guide

Start here

I want to... Go to
Run Claude Code through Veil Claude Code setup
Run Codex through Veil Codex CLI setup
Run Codex through OpenRouter OpenRouter setup
Install, upgrade, or operate the proxy Deployment guide
Embed Veil in a Go gateway SDK integration guide
Understand the security boundary Threat model
Report a bug or vulnerability Support · Security policy

Veil vs PAIArt

Veil is the open-source de-identification engine. PAIArt is the commercial control plane for teams that need fleet-wide policy management and compliance audit trails.

Veil (this repo) PAIArt
What Local engine, SDK, and reference proxy Organization control plane
For Individual developers and gateway integrators Security and compliance teams
Policy Local JSON file Centrally pushed, fleet-wide
Audit Bring your own AuditSink Compliance dashboards, SIEM export
License Apache-2.0 Commercial

Individual value is open; organizational control is paid. See the open-core boundary.

Documentation

Area Docs
User guides Deployment, Claude Code, Codex CLI, OpenRouter
Concepts Redaction model, Token spec, Detection layers
SDK Contract, API reference, Integration guide, examples/embed
Architecture Overview, Threat model, ADRs
Project Roadmap, Open-core boundary, Support, Security, Changelog
Brand assets Logo, Dark logo, Favicon, Open Graph image

About

Local de-identification proxy for AI coding agents. Mask secrets and PII before Claude Code or Codex traffic leaves your machine.

Topics

Resources

License

Code of conduct

Contributing

Security policy

Stars

2 stars

Watchers

0 watching

Forks

Packages

 
 
 

Contributors