CleanMyPrompt
VS Code Extension

Stop leaking secrets to GitHub Copilot

CleanMyPrompt for VS Code detects API keys and PII inline as you work — and lets you redact everything with a single command. Built for developers who use Copilot, Cursor, Cline, and Windsurf daily.

Install from Marketplace Read the intro post
VS Code 1.75+v1.1.1macOS · Linux · WindowsFree for personal use

Before and after one command

Run CMP: Fix File and every detected secret is replaced with a safe, labeled placeholder.

Before

const apiKey = "sk-abc123...xyz789"

AfterHIGH

const apiKey = "[OPENAI-KEY]"

Before

apiKey: "sk-ant-api03-abc...xyz"

AfterHIGH

apiKey: "[ANTHROPIC-KEY]"

Before

email: "jane.doe@acme.com"

AfterMEDIUM

email: "[EMAIL]"

Before

const SECRET = "ghp_abc123xyz"

AfterHIGH

const SECRET = "[GITHUB-TOKEN]"

Placeholders are clearly labeled and idempotent — scanning a fixed file returns zero findings.

Command palette commands

Open with ⌘ Shift P and type CMP.

CMP: Scan File

Scan the active file and show all findings in the Problems panel.

CMP: Fix File

Redact all detected secrets in the active file in-place.

CMP: Fix All Open Files

Sweep every open editor tab and redact secrets across all of them at once.

CMP: Squeeze File

Compress the active file — removes comments, unused imports, whitespace. Cuts token cost by 40–50%.

Everything in one extension

Inline Diagnostics

Secrets are underlined in real time as you open files — just like ESLint. Hover to see the finding type and severity.

One-Click Redaction

Run "CMP: Fix File" from the command palette. All secrets are replaced with labeled placeholders instantly.

Fix All Open Tabs

One command cleans every open file. Run it at the start of a Copilot session to ensure nothing is leaking.

Token Squeeze

Remove comments, unused imports, and whitespace before pasting code into Copilot Chat. Fewer tokens, same meaning.

Copilot-Aware Workflow

Designed specifically for GitHub Copilot, Cursor, Cline, and Windsurf. Cleans context before it reaches the model.

Zero Telemetry

Everything runs locally. No code, no file contents, no metadata leaves your machine. The extension has no network calls.

The safe Copilot workflow

1

Open the file you're about to use as Copilot context

2

Run CMP: Scan File — see exactly what secrets are present

3

Run CMP: Fix File — replace all secrets with safe placeholders

4

Optionally run CMP: Squeeze File — cut token count by ~50%

5

Paste into Copilot Chat or reference the file — nothing leaks

Bulk option: Run CMP: Fix All Open Files once at the start of each session to clean every open tab simultaneously.

Your code never leaves your machine

The extension has no telemetry, no analytics, and no network calls of its own. It reads your file locally, processes it with the same engine used by the CLI, and writes it back. Nothing is sent to CleanMyPrompt servers. This is verifiable — the extension source is available and the VSIX contains no outbound requests.

Licensing

Free — Personal Use
  • Individual developers
  • Open-source projects
  • Personal Copilot workflow
Commercial License — Teams
  • Org-wide developer toolchain deployment
  • Bundled in a commercial product
  • Mandated for a paid engineering team
Contact us for pricing

Install CleanMyPrompt for VS Code

Search "CleanMyPrompt" in the VS Code Marketplace, or click below.

Install from MarketplaceAlso available as CLI →