One-Click Security Check

Detect privacy leak risks and safely share your AI coding projects.

Why Security Check?

When working with AI coding assistants, your conversation history often contains various sensitive information:

• API Keys: You may have pasted OpenAI, Anthropic, or other service keys in conversations
• Passwords and Credentials: Database passwords, server login credentials, etc.
• Personal Information: Email addresses, phone numbers, etc.

Sharing these conversation records directly could pose security risks. The one-click security check feature automatically identifies and marks this sensitive information, letting you clearly understand potential privacy leak risks before sharing.

Security Guarantee

Security check only marks sensitive information. You can choose to redact before sharing, and your original data is never modified.

Use Cases

• Team Collaboration: Share projects with colleagues or team members
• Social Sharing: Post on social media to showcase your AI coding achievements
• Issue Reporting: Attach conversation records when submitting issues without worrying about leaking sensitive info
• Teaching Demos: Show real projects to students while protecting sensitive configurations

Built-in Security Check Rules

Mantra includes built-in recognition rules for common sensitive information, ready to use without configuration.

Supported Detection Types

Type	Description	Detection Method	Redacted Result
🔑 API Keys	OpenAI, Anthropic, Claude API Keys	Auto-detect sk-, anthropic- prefixes	sk-****
🔒 Passwords	Various password strings	Detect content after password, pwd keywords	****
🎫 Access Tokens	JWT, Bearer Tokens, etc.	Detect Bearer, eyJ patterns	eyJ****
👤 Personal Info	Emails, phone numbers, etc.	Pattern matching common formats	***@***.com
🗄️ Database Credentials	Connection strings, passwords	Detect connection string formats	****
🌐 Private Addresses	Internal IPs, private domains	Detect private network ranges and internal domains	***.***.***

Detection and Redaction Examples

Detected sensitive information (original):

My OpenAI API Key is sk-proj-abc123xyz456...
Database password is MySecretPwd123
Please send to zhangsan@company.com

After redaction (safe to share):

My OpenAI API Key is sk-****
Database password is ****
Please send to ***@***.com

Custom Check Rules

Beyond built-in rules, you can add your own check rules to meet specific needs.

Adding New Rules

1. Open Settings → Security Check Rules
2. Click the Add Rule button
3. Enter a rule name (e.g., Internal Project Code)
4. Set the matching pattern (see explanation below)
5. Click Save to complete

Pattern Matching Explained

What is a Pattern?

A pattern is a way to describe "what content to hide." You don't need to know programming—you can use simple, intuitive patterns to define what to redact.

Common Pattern Examples:

Pattern	Description	Matches
PROJECT-*	Match anything starting with PROJECT-	PROJECT-001, PROJECT-ABC
*@company.com	Match company emails	zhangsan@company.com
internal-???	Match specific format (? = single character)	internal-A01, internal-X99

Pattern Symbols:

• *: Matches any length of content (including empty)
• ?: Matches a single character

Editing Rules

1. Find the rule you want to modify in the rule list
2. Click the Edit button on the right side of the rule
3. Modify the rule name or matching pattern
4. Click Save to complete

Deleting Rules

1. Find the rule you want to delete in the rule list
2. Click the Delete button on the right side of the rule
3. Click Confirm in the confirmation dialog

Caution

After deleting a built-in rule, the corresponding type of sensitive information will no longer be automatically detected. Please proceed with caution.

Preview Security Check

Before sharing, you can preview the security check results to ensure sensitive information has been properly identified and marked.

Entering Preview Mode

1. Select the project you want to share
2. Click the Security Check button in the toolbar
3. The system will display detected sensitive information and the redacted conversation content

Confirming Detection Results

In the preview interface:

• Detected sensitive content is highlighted with a special style
• You can scroll through the entire conversation to confirm all sensitive information is identified
• If you find anything missed, you can go back to add custom rules

Adjusting Check Settings

If the detection doesn't meet expectations, you can:

1. Add rules: Found some sensitive info that wasn't detected? Add a new custom rule
2. Adjust rules: Detection scope too broad or narrow? Modify the existing rule's pattern
3. Temporarily disable: Don't need certain rules temporarily? Disable them without deleting

Safe Project Sharing

After confirming the security check results, you can safely share your project.

Sharing Flow

1. Complete the security check preview and confirm you're satisfied
2. Click the Share button
3. Choose a sharing method:
   • Generate Link: Create a shareable link
   • Export File: Download the redacted project file
4. Copy the link or save the file

Using Share Links

• Validity Period: Share links are valid for 7 days by default
• Access Permissions: Anyone with the link can view the redacted content
• Access Statistics: You can view link access counts in share management

Recommendation

For particularly sensitive projects, consider setting a shorter link validity period and checking access activity promptly after sharing.

Tips and Tricks

Best Practices

1. Always check before sharing: Make security checking a habit to ensure nothing is missed
2. Regularly check rules: As projects evolve, you may need to add new custom rules
3. Be stricter with sensitive projects: For particularly sensitive projects, consider adding more custom rules
4. Keep original data: Security check only affects shared content—local data is always preserved intact

Check Rule Priority

When multiple rules might match the same content, they're processed in this priority order:

1. Custom rules take precedence over built-in rules
2. More specific rules take precedence over broader rules
3. Later-added rules take precedence over earlier-added rules

Example

Suppose you have two rules:

• Built-in rule: Match all @*.com emails
• Custom rule: Keep @public.com emails unredacted

When encountering user@public.com, the custom rule takes priority, so that email won't be redacted.

FAQ

Can I see the original content after redaction?

No. Redaction is a one-way operation—hidden content cannot be recovered from the shared version.

Rest assured, your local original data is never modified. Redaction only affects the shared copy, and you can always view the complete original content.

How do I redact multiple projects at once?

Currently, you need to redact and share projects one at a time. Batch operations are being planned.

Temporary workaround: Set up all your redaction rules first, then the same rules will automatically apply when sharing different projects.

What if my custom rule isn't working?

Possible causes and solutions:

1. Pattern syntax error

   • Check if you're using * and ? symbols correctly
   • Try testing with a simpler pattern

2. Rule overridden by another rule

   • Check if a higher-priority rule is affecting the match
   • Try adjusting the rule order

3. Need to refresh preview

   • After modifying rules, you need to click preview again to see the effect
   • Make sure you've saved the rule changes

How do I recover content from before redaction?

If you need to view the original content:

• Local data: Just open the project directly—local data was never modified
• Already shared content: Cannot be recovered—this is the security guarantee of the redaction feature

If you want to re-share with new redaction settings, simply perform redaction and sharing on the original project again.

Does redaction affect project readability?

Mantra's redaction is designed to maintain content readability:

• Preserves context: Only the sensitive information itself is hidden, not the surrounding descriptive text
• Smart replacement: Uses meaningful placeholders (like sk-****) rather than complete deletion
• Maintains structure: Code blocks, lists, and other formatting are unaffected

Therefore, even after redaction, conversation records still have reference value.

Next Steps

• Time Travel - Return to any moment in history
• Message Filtering - Filter conversation messages by criteria
• Keyboard Shortcuts - Boost your efficiency