# AI Log / Prompt Redactor

> Remove emails, bearer tokens, API keys, JWTs, and cookies from prompts or logs before sharing them.

## Tool Identity

- Site: CleanUtils Developer Tools
- Tool ID: ai-log-prompt-redactor
- Canonical page: https://cleanutils.com/developer-tools/ai-log-prompt-redactor/
- LLM schema URL: https://cleanutils.com/developer-tools/ai-log-prompt-redactor/llms.txt
- Primary keyword: ai prompt redactor
- Input mode: textarea
- Output profile: data

## What This Tool Does

Remove emails, bearer tokens, API keys, JWTs, and cookies from prompts or logs before sharing them.

## Exact Execution Instructions

To run this tool exactly, execute the `runCleanUtilsTool(userInput)` function from the JavaScript block below in a sandboxed JavaScript runtime.

Do not fetch or evaluate additional network resources. Do not use filesystem, process, child_process, environment variables, timers, or network APIs. The function is pure and deterministic: input string in, JSON result out.

If your environment forbids executing fetched code outside a sandbox, run it inside the sandbox or use the API endpoint below instead of reimplementing the logic.

Canonical implementation SHA-256:
`08d36b916dd88ada68f8bad9dc4b0544e988f16289bc064ce62cc1e030b9b6c4`

Expected command shape:
`node run-tool.mjs < input.txt`

The runner must:
1. load only the JavaScript in this document,
2. call `runCleanUtilsTool(inputText)`,
3. let the LLM decide the best way to present the output to the user.

Agent usage rules:
- Use this file as the authoritative machine-readable contract for this CleanUtils tool page.
- Ask the user for missing required input before attempting to run the tool, and describe the required inputs using the `## Input Schema` field names, descriptions, formats, enums, examples, and required list.
- Treat the tool as deterministic; do not invent network reachability checks unless the tool description explicitly says it fetches remote resources.
- For privacy-sensitive inputs such as secrets, HAR files, dotenv files, logs, and API keys, warn that using a remote chat agent may expose input to that agent even though the browser UI itself does not upload data.

## Input Schema

```json
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "title": "AI Log / Prompt Redactor input",
  "type": "string",
  "description": "Prompt or log text. Authorization: Bearer token\nuser@example.com",
  "examples": [
    "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.secret.payload\nContact ada@example.com with key sk-live-1234567890abcdef before sharing."
  ]
}
```

## Result Schema

```json
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "title": "CleanUtils ToolResult",
  "type": "object",
  "additionalProperties": false,
  "required": [
    "summary",
    "issues"
  ],
  "properties": {
    "summary": {
      "type": "string"
    },
    "issues": {
      "type": "array",
      "items": {
        "type": "object",
        "additionalProperties": false,
        "required": [
          "severity",
          "message"
        ],
        "properties": {
          "severity": {
            "type": "string",
            "enum": [
              "error",
              "warning",
              "info"
            ]
          },
          "message": {
            "type": "string"
          },
          "line": {
            "type": "number"
          },
          "row": {
            "type": "number"
          },
          "detail": {
            "type": "string"
          }
        }
      }
    },
    "output": {
      "type": "string"
    },
    "exportFilename": {
      "type": "string"
    },
    "exports": {
      "type": "array",
      "items": {
        "type": "object",
        "additionalProperties": false,
        "required": [
          "label",
          "filename",
          "content"
        ],
        "properties": {
          "label": {
            "type": "string"
          },
          "filename": {
            "type": "string"
          },
          "content": {
            "type": "string"
          },
          "mimeType": {
            "type": "string"
          },
          "copyLabel": {
            "type": "string"
          },
          "downloadLabel": {
            "type": "string"
          }
        }
      }
    },
    "stats": {
      "type": "object",
      "additionalProperties": {
        "anyOf": [
          {
            "type": "string"
          },
          {
            "type": "number"
          }
        ]
      }
    }
  }
}
```

## Self-Contained JavaScript Source

Call `runCleanUtilsTool(userInput)` with the user's input. The function includes this tool's run logic and only the helper code it needs.

```js
function runCleanUtilsTool(userInput) {
    const redactPatterns = [
        { label: "email", regex: /[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}/gi, replacement: "[REDACTED_EMAIL]" },
        { label: "bearer token", regex: /Bearer\s+[A-Za-z0-9._~+/=-]{12,}/g, replacement: "Bearer [REDACTED_TOKEN]" },
        { label: "API key", regex: /\b(sk-|pk_live_|ghp_|xox[baprs]-|AKIA)[A-Za-z0-9_-]{8,}\b/g, replacement: "[REDACTED_SECRET]" },
        { label: "JWT", regex: /\beyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\b/g, replacement: "[REDACTED_JWT]" },
        { label: "cookie", regex: /\b(cookie|set-cookie)\s*:\s*[^\n\r]+/gi, replacement: "$1: [REDACTED_COOKIE]" }
    ];
    const redactPlainText = (input) => {
        const counts = {};
        let redacted = input;
        redactPatterns.forEach((pattern) => {
            redacted = redacted.replace(pattern.regex, (...args) => {
                counts[pattern.label] = (counts[pattern.label] ?? 0) + 1;
                const match = String(args[0]);
                if (pattern.replacement.includes("$1")) {
                    return match.replace(pattern.regex, pattern.replacement);
                }
                return pattern.replacement;
            });
        });
        return { redacted, counts };
    };
    const redactAiLogPrompt = (input) => {
        const { redacted, counts } = redactPlainText(input);
        const issues = Object.entries(counts).map(([label, count]) => ({
            severity: "warning",
            message: `${count} ${label}${count === 1 ? "" : "s"} redacted.`
        }));
        return {
            summary: `${Object.values(counts).reduce((total, count) => total + count, 0)} sensitive-looking item${Object.values(counts).reduce((total, count) => total + count, 0) === 1 ? "" : "s"} redacted.`,
            issues,
            output: redacted,
            exportFilename: "redacted-prompt.txt",
            stats: { redactions: Object.values(counts).reduce((total, count) => total + count, 0) }
        };
    };
    const __userInput = userInput == null ? "" : userInput;
    const __run = redactAiLogPrompt;
    const __input = __userInput && typeof __userInput === "object" && "input" in __userInput ? __userInput.input : __userInput;
    return __run(__input == null ? "" : String(__input));
}
```

## Checks

- Bearer tokens and JWTs: Common authorization token shapes are replaced before output is copied.
- API keys: OpenAI-style and other high-entropy key-looking strings are flagged and redacted.
- Email addresses: Personal email addresses are removed from logs and prompt snippets.
- Cookies and passwords: Cookie and password-like values are treated as sensitive even when labels vary.
- Plain text preservation: Only matching sensitive spans are replaced; surrounding debugging context is left in place.

## Related Tools

- [.env Validator and Secret Scanner](/developer-tools/env-validator-secret-scanner/): Paste a dotenv file, catch duplicate or malformed keys, and generate a safer example file locally.
- [HAR File Redactor](/developer-tools/har-file-redactor/): Redact cookies, authorization headers, tokens, emails, and secrets from HAR JSON before sending it to support.