One-Click Security Check

Trace privacy leak risks and safely share your AI programming projects.

Why Security Check?

When using AI programming assistants, conversation logs often contain various sensitive information:

• API Keys: You might have pasted keys for OpenAI, Anthropic, etc., in the chat.
• Passwords & Credentials: Database passwords, server login credentials, etc.
• Personal Information: Email addresses, phone numbers, etc.

Sharing these conversation logs directly can pose security risks. The One-Click Security Check function automatically identifies and flags this sensitive information, letting you clearly understand potential privacy risks before sharing.

Security Guarantee

Mantra's security suite includes not only manual checks but also Pre-Tool Use Detection, which intercepts sensitive data leakage in real-time before tools are executed. Security checks only flag information; you can choose to redact it before sharing, and your original data remains untouched.

Use Cases

• Real-time Protection: Prevent AI from automatically reading sensitive files containing keys during your session.
• Team Collaboration: Sharing projects with colleagues or team members.
• Social Sharing: Posting to social media to showcase your AI programming results.
• Issue Reporting: Submitting issues with conversation logs without worrying about leaking sensitive info.

Built-in Security Rules

Mantra comes with built-in rules for recognizing common sensitive information, ready to use without configuration.

Supported Detection Types

Type	Description	Recognition Method	Redaction Effect
🔑 API Key	OpenAI, Anthropic, Claude keys	Auto-identify prefixes like sk-, anthropic-	sk-****
🔒 Password	Various password strings	Identify content after keywords like password, pwd	****
🎫 Token	JWT, Bearer Token, etc.	Identify features like Bearer, eyJ	eyJ****
👤 Personal Info	Emails, Phone numbers	Pattern match common formats	***@***.com
🗄️ DB Credential	DB connection strings, passwords	Identify connection string formats	****
🌐 Private Address	Intranet IPs, Private domains	Identify private subnets and internal domains	***.***.***

Detection & Redaction Example

Detected Sensitive Info (Original):

My OpenAI API Key is sk-proj-abc123xyz456...
Database password is MySecretPwd123
Please send to [email protected]

After Redaction (Safe to Share):

My OpenAI API Key is sk-****
Database password is ****
Please send to ***@***.com

Custom Detection Rules

In addition to built-in rules, you can add your own rules to meet specific needs.

Adding a New Rule

1. Go to Settings → Security Check Rules.
2. Click the Add Rule button.
3. Enter a rule name (e.g., Internal Project Code).
4. Set the matching pattern (see explanation below).
5. Click Save to finish.

Matching Pattern Guide

What is a Matching Pattern?

A matching pattern is a way to describe "what content to hide". You don't need to know programming; you can use simple and intuitive patterns to define it.

Common Pattern Examples:

Pattern	Description	Match Example
PROJECT-*	Match any content starting with PROJECT-	PROJECT-001, PROJECT-ABC
*@company.com	Match company emails	[email protected]
Internal-???	Match specific format (? represents a single char)	Internal-A01, Internal-X99

Pattern Symbols:

• *: Matches any length of content (including empty).
• ?: Matches a single character.

Editing Rules

1. Find the rule you want to modify in the rule list.
2. Click the Edit button on the right side of the rule.
3. Modify the rule name or matching pattern.
4. Click Save to finish.

Deleting Rules

1. Find the rule you want to delete in the rule list.
2. Click the Delete button on the right side of the rule.
3. Click Confirm in the dialog.

Note

After deleting a built-in rule, sensitive information of that type will no longer be automatically detected. Please operate with caution.

Previewing Security Check Results

Before sharing, you can preview the effect of the security check to ensure sensitive information has been correctly identified and flagged.

Entering Preview Mode

1. Select the project to share.
2. Click the Security Check button in the toolbar.
3. The system will display the detected sensitive information and the redacted conversation content.

Confirming Detection Results

In the preview interface:

• Detected sensitive content is highlighted with a special style.
• You can scroll through the entire conversation to verify that all sensitive information has been identified.
• If omissions are found, you can return to add custom rules.

Adjusting Settings

If the detection results do not meet expectations, you can:

1. Add Rules: Found some sensitive info not detected? Add a new custom rule.
2. Adjust Rules: Detection range too broad or too narrow? Modify the matching pattern of existing rules.
3. Temporarily Disable: Some rules not needed for now? You can temporarily disable them without deleting.

Safely Sharing Projects

After confirming the security check results, you can safely share the project.

Sharing Process

1. Complete the security check preview and ensure satisfaction.
2. Click the Share button.
3. Choose a sharing method:
   • Generate Link: Create a shareable link.
   • Export File: Download the redacted project file.
4. Copy the link or save the file.

Share Link Usage

• Validity: Share links are valid for 7 days by default.
• Access: Anyone with the link can view the redacted content.
• Statistics: You can view link access counts in Share Management.

Suggestion

For particularly sensitive projects, it is recommended to set a shorter link validity period and check access status promptly after sharing.

Real-time Protection & Interception Records

Beyond manual checks, Mantra provides an active defense mechanism.

Pre-Tool Use Detection

When AI attempts to use a tool (e.g., read_file) to access file content, Mantra's privacy engine automatically scans the content before it's sent to the model. If sensitive info is detected:

1. Automatic Interception: Blocks the transmission of sensitive content.
2. Risk Notification: Displays the reason for interception in the chat interface.
3. Secure Replacement: If you choose to proceed, only the redacted secure content is sent.

Interception Records

All real-time interception events are stored for your review.

1. Click the "Interception Records" icon in the sidebar.
2. Review the timestamp, file path, matched rules, and the specific content that was blocked.
3. Use this interface to evaluate rule effectiveness or fine-tune your custom rules.

Usage Tips

Best Practices

1. Always Check Before Sharing: Develop a habit of security checking to ensure nothing is missed.
2. Regularly Check Rules: As projects evolve, new custom rules might be needed.
3. Stricter for Sensitive Projects: Consider adding more custom rules for particularly sensitive projects.
4. Original Data Preserved: Security checks only affect shared content; local data is always preserved intact.

Rule Priority

When multiple rules match the same content, they are processed in the following priority:

1. Custom Rules take precedence over Built-in Rules.
2. More Specific Rules take precedence over Broader Rules.
3. Later Added Rules take precedence over Earlier Added Rules.

Example

Suppose you have two rules:

• Built-in Rule: Matches all @*.com emails.
• Custom Rule: Keeps @public.com emails unredacted.

When encountering [email protected], the Custom Rule takes precedence, and the email will not be redacted.

FAQ

Can original content be seen after redaction?

No. Redaction is a one-way operation. Hidden content cannot be recovered from the shared copy.

But rest assured, your local original data is not modified. Redaction only affects the shared copy; you can view the complete original content at any time.

How to bulk redact multiple projects?

Currently, projects need to be redacted and shared one by one. Bulk operation features are being planned.

Workaround: You can set up all necessary redaction rules first, so the same rules will automatically apply when sharing different projects.

What if custom rules don't work?

Possible causes and solutions:

1. Rule Syntax Error

   • Check if the matching pattern correctly uses * and ? symbols.
   • Try testing with a simpler pattern.

2. Overridden by Other Rules

   • Check if higher priority rules are affecting the match.
   • Try adjusting rule order.

3. Need Re-preview

   • After modifying rules, you need to click Preview again to see the effect.
   • Ensure rule changes are saved.

How to recover content before redaction?

If you need to view the original content:

• Local Data: Just open the project directly; local data is never modified.
• Shared Content: Cannot be recovered, which is the security guarantee of the redaction feature.

If you want to reshare with new redaction settings, simply redact and share the original project again.

Does redaction affect project readability?

Mantra's redaction design tries to maintain content readability:

• Preserves Context: Only hides sensitive info itself, not affecting surrounding descriptive text.
• Smart Replacement: Uses meaningful placeholders (like sk-****) instead of complete deletion.
• Structure Maintained: Code blocks, lists, etc., formats are unaffected.

Therefore, even after redaction, conversation logs remain valuable for reference.

Next Steps

• Time Travel - Go back to any historical moment
• Message Filtering - Filter conversation messages by condition
• Shortcuts Reference - Improve efficiency