Bug Fixes

• Fix container UID from 1001 to 1000 to match typical Linux host users, resolving permission denied errors when bind-mounting volumes (#77, fixes #76)

Features

⏱️ Configurable request timeout — The request timeout is now configurable via server.request_timeout in config.yaml (#78)

server:
  request_timeout: 600  # seconds (default: 600, 0 = no timeout)

The default has been increased from 120 to 600 seconds (matching OpenAI and Anthropic SDK defaults). Set to 0 to disable the timeout entirely.

Full Changelog: v0.3.3...v0.3.4

Fixes

🔧 Prompt caching restored — Fixed Zod schemas silently stripping cache_control fields from Anthropic requests (#74)

Without .passthrough() on nested schemas, fields like cache_control: { type: "ephemeral" } were removed before forwarding to the API. This caused all requests to be billed as uncached, significantly increasing token costs.

Also in this release

• Added .passthrough() to OpenAI schemas for consistency (preserves name, tool_calls, audio fields)
• Added regression tests for both providers

Full Changelog: v0.3.2...v0.3.3

Fixes

🔧 SIGILL crash on CPUs without AVX2 — Fixed crash on older/low-power x86_64 CPUs like Intel Atom C3558R (#70)

The Docker image now uses Bun's baseline build which only requires SSE4.2, supporting CPUs without AVX2 instructions.

Breaking Change

Volume mount paths changed from /app/ to /pasteguard/:

# Before
volumes:
  - ./config.yaml:/app/config.yaml:ro
  - ./data:/app/data

# After
volumes:
  - ./config.yaml:/pasteguard/config.yaml:ro
  - ./data:/pasteguard/data

Other Changes

• Container now runs as non-root user (UID 1001) for improved security
• Fixed compatibility with updated presidio-analyzer base image

Full Changelog: v0.3.1...v0.3.2

Fixes

🔧 Missing Presidio Recognizers — Fixed detection failures for URL, US_SSN, CRYPTO and other entity types (#67)

The Presidio config generator was only including 6 recognizers, missing standard ones like UrlRecognizer, UsSsnRecognizer, CryptoRecognizer. Users who enabled these entity types in their config would not get any detection results.

Changes

• Added global recognizers for pattern-based detection (7 recognizers)
• Added language-specific recognizers that load only when that language is configured:
  • EN: US + UK recognizers (SSN, driver license, passport, etc.)
  • ES: Spanish NIF/NIE
  • IT: Italian documents (fiscal code, driver license, etc.)
  • PL: Polish PESEL
  • KO: Korean RRN

Full Changelog: v0.3.0...v0.3.1

Highlights

🔧 Generic Mask API — New /api/mask endpoint for standalone text masking without chat context

📊 Dashboard Source Tracking — See which endpoint (OpenAI, Anthropic, Mask API) each request came from

🏷️ Cleaner Placeholders — Secrets now use [[TYPE_N]] format (e.g., [[API_KEY_SK_1]]) matching PII placeholders

New Features

Generic Mask API

Mask any text without the chat completions structure:

curl -X POST http://localhost:3000/api/mask \
  -H "Content-Type: application/json" \
  -d '{"text": "Contact John at john@example.com"}'

Response:

{
  "masked_text": "Contact [[PERSON_1]] at [[EMAIL_ADDRESS_1]]",
  "entities": [...]
}

Dashboard Improvements

• Source column shows request origin (OpenAI, Anthropic, Mask API)
• Better visibility into which integration is being used

Breaking Changes

Placeholder Format for Secrets

Secrets now use [[TYPE_N]] format instead of [[SECRET_MASKED_TYPE_N]]:

Secret Type Renamed

API_KEY_OPENAI → API_KEY_SK (now covers OpenAI, Anthropic, Stripe, RevenueCat)

Update your config if you explicitly list secret entities:

secrets_detection:
  entities:
    - API_KEY_SK  # was: API_KEY_OPENAI

Fixes

• Increased Presidio startup timeout for multi-language images
• Fixed entity extraction for consistent API responses

Documentation

📚 Full documentation: https://pasteguard.com/docs

Full Changelog: v0.2.1...v0.3.0

Changed

• Replaced generic "provider" and "LLM" terminology with "OpenAI or Anthropic"
• Improved phrasing: "before they reach the API"
• README: demo gif at top, dashboard in Quick Start section

Fixed

• Version test now uses regex instead of hardcoded version

Anthropic API support is here! PasteGuard now works with Claude, Claude Code, and the full Anthropic ecosystem.

Highlights

🤖 Anthropic Support — Native /anthropic/v1/messages endpoint with full PII and secrets detection

🔧 Claude Code Integration — One environment variable: ANTHROPIC_BASE_URL=http://localhost:3000/anthropic claude

🎯 Role-Based Filtering — New scan_roles config to scan only user messages, reducing false positives on system prompts

✅ Whitelist — Exclude known text patterns (company names, product IDs) from PII masking

New Features

Anthropic API Support

Full support for the Anthropic Messages API:

curl http://localhost:3000/anthropic/v1/messages \
  -H "x-api-key: $ANTHROPIC_API_KEY" \
  -H "anthropic-version: 2023-06-01" \
  -H "Content-Type: application/json" \
  -d '{"model": "claude-sonnet-4-20250514", "max_tokens": 1024, "messages": [{"role": "user", "content": "Hello"}]}'

• Transparent header forwarding (x-api-key, Authorization, anthropic-beta)
• Streaming support with real-time unmasking
• Scans system prompts, messages, thinking blocks, and tool results
• Works with mask mode and route mode

Role-Based Filtering

Scan only user-controlled content to reduce Presidio API calls and avoid false positives:

pii_detection:
  scan_roles:
    - user
    - tool
    - function

secrets_detection:
  scan_roles:
    - user
    - tool

Whitelist

Prevent false positives on known text patterns:

masking:
  whitelist:
    - "Acme Corp"
    - "Product XYZ"

Quick Start

docker run --rm -p 3000:3000 ghcr.io/sgasser/pasteguard:en

Dashboard: http://localhost:3000/dashboard

Breaking Changes

None. Fully backward compatible with v0.1.0.

Documentation

📚 Full documentation: https://pasteguard.com/docs

Full Changelog: v0.1.0...v0.2.0

The first public release of PasteGuard — a privacy proxy for LLMs that masks personal data and secrets before sending to your provider.

Highlights

🔒 PII Detection — Detect and mask names, emails, phone numbers, credit cards, IBANs, IP addresses, and locations using Microsoft Presidio

🔑 Secrets Detection — Catch private keys, API keys (OpenAI, AWS, GitHub), JWT tokens, and credentials before they reach the LLM

🌍 24 Languages — Automatic language detection with support for English, German, French, Spanish, and 20 more

🐳 Prebuilt Docker Images — Zero-config deployment with language-specific images

📊 Dashboard — Real-time monitoring of protected requests

🔄 Streaming Support — Real-time unmasking as tokens arrive from the LLM

Two Privacy Modes

Mask Mode — Replace PII with placeholders like [[PERSON_1]], send to your provider, restore in response. No local infrastructure needed.

Route Mode — Send PII requests to a local LLM (Ollama, vLLM, llama.cpp), everything else to your cloud provider. Data never leaves your network.

Quick Start

docker run --rm -p 3000:3000 ghcr.io/sgasser/pasteguard:en

Point your app to http://localhost:3000/openai/v1 instead of https://api.openai.com/v1.

Dashboard: http://localhost:3000/dashboard

European Languages

For German, Spanish, French, Italian, Dutch, Polish, Portuguese, and Romanian:

docker run --rm -p 3000:3000 ghcr.io/sgasser/pasteguard:eu

Docker Images

Languages are auto-configured per image — no config changes needed.

Features

PII Detection

• Names, emails, phone numbers
• Credit cards, IBANs
• IP addresses, locations
• Configurable confidence threshold
• Automatic language detection

Secrets Detection

• OpenSSH and PEM private keys
• API keys: OpenAI, AWS, GitHub
• JWT tokens, Bearer tokens
• Environment variable credentials
• Configurable actions: redact, block, or route to local

Integrations

Works with any OpenAI-compatible tool:

• OpenAI SDK (Python/JS)
• LangChain, LlamaIndex
• Cursor, Open WebUI, LibreChat

Tech Stack

• Bun — JavaScript runtime
• Hono — Web framework
• Microsoft Presidio — PII detection
• SQLite — Request logging

Documentation

📚 Full documentation: https://pasteguard.com/docs

Contributors

Thanks to everyone who contributed to this release:

• @sgasser (Stefan Gasser)
• @maximiliancw (Max Wolf)
• @mkroemer (Markus)

License

Apache 2.0

Full Changelog: https://github.com/sgasser/pasteguard/commits/v0.1.0