whatisgithub

What is agent-sweep?

ishannaik/agent-sweep — explained in plain English

Analysis updated 2026-05-18

29PythonAudience · developerComplexity · 2/5Setup · easy

In one sentence

AgentSweep is an offline command-line tool that scans AI coding assistant history files for accidentally pasted secrets like API keys and redacts them.

Mindmap

mindmap
  root((AgentSweep))
    What it does
      Scans AI agent history
      Finds pasted secrets
      Redacts and backs up
    Tech stack
      Python
    Use cases
      Secret leak cleanup
      Local security audit
      Key rotation prep
    Audience
      Developers

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Scan your Claude Code, Cursor, or Windsurf history files for accidentally pasted API keys or credentials.

USE CASE 2

Redact found secrets in place while keeping a backup you can undo from.

USE CASE 3

Get the correct revocation URL for a detected key so you can rotate it quickly.

USE CASE 4

Run a one-time local security cleanup after debugging with an AI coding assistant.

What is it built with?

Python

How does it compare?

ishannaik/agent-sweepadityasharmadotai-hash/docs-reader-rag-agentalekseiul/hermes-researcher-agent
Stars292929
LanguagePythonPythonPython
Setup difficultyeasyeasymoderate
Complexity2/52/52/5
Audiencedevelopervibe coderresearcher

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · easy Time to first run · 5min

Requires Python 3.11 or later, install via pip or the uv tool installer.

The README does not state a specific license.

So what is it?

AgentSweep is a command-line tool that scans the local conversation history files left behind by AI coding assistants and looks for accidentally pasted secrets. When you paste an API key, a database URL, or a .env file into a tool like Claude Code or Cursor to get help with debugging, that content gets saved to plain-text files on your computer and stays there indefinitely. AgentSweep reads those files, reports what it found, and can redact the secret values in place so they no longer sit in clear text. The tool works entirely offline. It reads and writes only files on your local machine and makes no network calls. It targets one specific risk: secrets stored in AI agent history files, which the README compares to a more dangerous version of shell history, since the files contain full conversational context rather than just commands. The README notes that if you already pasted a key into a cloud-backed agent, that key has already passed through the provider's servers, so AgentSweep addresses only the remaining local exposure. Twenty-nine AI agents are supported, including Claude Code, Cursor, Windsurf, Gemini CLI, GitHub Copilot Chat, Aider, and others. Detection covers 191 rule patterns: AWS credentials, GitHub tokens, Stripe keys, OpenAI and Anthropic API keys, Google credentials, Slack and Discord tokens, JWT tokens, PEM keys, database URLs, and BIP-39 seed phrases, among others. The fix flow is staged and reversible. AgentSweep first scans and shows you a report. If you type REDACT to confirm, it rewrites the affected files using atomic file replacement and creates .bak backup copies. The undo command restores from those backups. The purge command deletes the backups once you have rotated the affected keys. The tool also prints the appropriate revocation URL for each detected provider so you know where to go to invalidate the exposed key. Installation is via pip or the uv tool installer, and requires Python 3.11 or later. Running the tool with no arguments opens an interactive menu that walks through each step.

Copy-paste prompts

Prompt 1
Explain how AgentSweep detects secrets in AI agent history files without making any network calls.
Prompt 2
Walk me through running AgentSweep, reviewing the report, and confirming a redaction.
Prompt 3
Which of the 29 supported AI agents does AgentSweep scan, and where do their history files live?
Prompt 4
How do I undo a redaction with AgentSweep if I made a mistake?

Frequently asked questions

What is agent-sweep?

AgentSweep is an offline command-line tool that scans AI coding assistant history files for accidentally pasted secrets like API keys and redacts them.

What language is agent-sweep written in?

Mainly Python. The stack also includes Python.

What license does agent-sweep use?

The README does not state a specific license.

How hard is agent-sweep to set up?

Setup difficulty is rated easy, with roughly 5min to a first successful run.

Who is agent-sweep for?

Mainly developer.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.