PromptCape logo

PromptCape

Java and Python code obfuscation for AI coding assistants. Your code is obfuscated before the AI sees it, then changes are transparently reversed.

Free for 3 months — no credit card required

Start Free Trial

Java

Spring Data findByXxx, JPA entities, Lombok accessors, Jackson @JsonProperty, REST endpoint paths — all protected.

What you write

package com.acme.billing;

public class InvoiceService {
    private final CustomerRepository repo;

    public Invoice createInvoice(
            String customerId,
            double amount) {
        Customer c = repo.findById(customerId);
        return new Invoice(c, amount);
    }
}

What the AI sees

package pkg_dbb0472d;

public class Cls_1019e8c4 {
    private final Cls_38a36e28 fld_0fb06a37;

    public Cls_074c3843 mtd_cd4dcc1c(
            String fld_a7c92e1b,
            double fld_9f720679) {
        Cls_b068b09e c = fld_0fb06a37.mtd_bbc8da48(fld_a7c92e1b);
        return new Cls_074c3843(c, fld_9f720679);
    }
}

Python

Framework names (FastAPI, BaseModel) and Pydantic field names (the JSON contract) stay intact; user class and method names are renamed.

What you write

from fastapi import FastAPI
from pydantic import BaseModel

class Invoice(BaseModel):
    customer_id: str
    amount: float

class InvoiceService:
    def create_invoice(
            self,
            customer_id: str,
            amount: float) -> Invoice:
        return Invoice(
            customer_id=customer_id,
            amount=amount,
        )

What the AI sees

from fastapi import FastAPI
from pydantic import BaseModel

class Cls_3a8f9d2e(BaseModel):
    customer_id: str
    amount: float

class Cls_71c4b8a5:
    def mtd_2d09f17b(
            self,
            customer_id: str,
            amount: float) -> Cls_3a8f9d2e:
        return Cls_3a8f9d2e(
            customer_id=customer_id,
            amount=amount,
        )

What PromptCape protects

Code identifiers

Packages, classes, methods, fields, and endpoints are renamed with deterministic HMAC hashes. The AI cannot infer your business domain.

Project structure

Package hierarchy is flattened to a single level. com.acme.billing.service becomes pkg_a1b2c3d4.

Build files

pom.xml is sanitized: internal repos, SCM URLs, developer info, and credentials are removed. Dependencies are preserved.

Configuration

application.properties and .yml files: passwords, tokens, and internal URLs are replaced with safe placeholders.

Comments & documentation

All comments and docstrings are sanitized: Java Javadoc / block / line comments and Python # comments / """docstrings""" are replaced with generic placeholders while preserving the exact line count (critical for traceback line numbers and the line-preserving reverse-apply merge). README.md identifiers are replaced. No business context leaks.

Framework intelligence

Java: Lombok, Spring Boot, Spring Data, JPA/Hibernate, Jackson, OpenAPI, Validation, Spring Config, Spring REST. Protects field names, repository query methods (findByXxx), JPQL entity references, accessor methods, and obfuscates REST endpoint paths.

Python: Pydantic v2 (BaseModel field AST scan), FastAPI, Flask (view function AST scan for url_for() endpoints), Django + DRF (model class + field, CBV/FBV view, form / serializer field + clean_X AST scans; migrations/ copied verbatim), SQLAlchemy (declarative model scan), Streamlit, pandas, Authlib, ldap3, python-dotenv, pytest (test discovery scan for def test_*), dataclasses / attrs, Celery (@app.task / @shared_task function + parameter scan — broker matches kwargs by name), Click / Typer (@command / @option / @argument function + parameter scan — CLI options matched to Python kwargs by name), requests / httpx (whitelist of Response attrs, request kwargs, exceptions). Plus a stdlib-common-attrs detector for safe access to datetime / dict / list / str / sqlite3 / pathlib / logging methods.

API calls

HTTP proxy mode intercepts API calls to Claude, Mistral, or any LLM, obfuscating on the fly.

Secrets stay off the workspace (Python)

.env files are never copied to the obfuscated workspace. Your real database URLs, API keys, OAuth secrets stay in the source project (gitignored). The companion command promptcape run reads the source .env at launch time and injects every KEY=VALUE as an OS environment variable into the child process. streamlit run, pytest, python main.py all work normally — but any AI tool reading the workspace directory finds zero credentials.

GDPR: PII pseudonymization

Personally Identifiable Information (PII) in string literals is automatically detected and replaced with format-valid pseudonyms: email addresses, phone numbers, social security numbers, IBANs, credit cards, public IPs. Deterministic (same PII → same pseudonym across files).

Smart reverse-apply

Line-preserving 3-way merge keeps your original comments, Javadoc / Python docstrings, and formatting for every line the AI didn’t touch — zero information loss. AI-generated variable names are translated to readable names. Auto-realignment when versions mismatch.

Auto-fix compilation

Verifies the obfuscated code compiles, identifies conflicting identifiers, and re-obfuscates until green. Exclusions are persisted across runs. Supports multi-module projects with parallel build commands.

Optimized performance

Parallel Java file processing, AST caching (parse once, reuse), smart asset skipping, and parallel build verification. Python obfuscation runs through a bundled LibCST sidecar with concurrent stdout/stderr draining (no pipe-buffer deadlocks on large projects) and forced UTF-8 stdin/stdout for cross-platform encoding correctness.

Cursor / VS Code integration

One terminal profile: open a “PromptCape Claude” terminal and a wrapper script does it all — resolves the cache (and offers to obfuscate the project if it has not been done yet), starts the proxy in the background, cds into the workspace, and launches claude with ANTHROPIC_BASE_URL set. An auto-installed Stop hook prints “cache compiles OK — N files ready to apply” after every AI response. promptcape proxy --logs tails the live obfuscate/de-obfuscate stats per request so you can watch nothing leaks.

GDPR-ready: PII never reaches the AI

PII (Personally Identifiable Information) is any data that can identify a natural person — directly or indirectly. It includes names, email addresses, phone numbers, social security numbers, bank account numbers, IP addresses, and more. Under the GDPR (EU General Data Protection Regulation), sending PII to a third-party AI service without appropriate safeguards is a compliance risk.

PromptCape automatically detects PII inside Java string literals and configuration files, and replaces them with deterministic, format-valid pseudonyms before the code reaches the AI. For Python: .env files are NOT copied to the workspace at all — secrets stay in your source project, and promptcape run <cmd> injects them as OS environment variables at subprocess launch. The AI literally cannot read what's never on disk. PII pseudonymization for Python source-string literals is on the roadmap.

Your test data

User user = new User(
    "Jean Dupont",
    "jean.dupont@acme.fr",
    "+33 6 12 34 56 78"
);
String iban = "FR7630006000011234567890189";
String card = "4111 1111 1111 1111";

What the AI sees

Cls_a1b2c3d4 fld_e5f6 = new Cls_a1b2c3d4(
    "Jean Dupont",
    "user_7f3a@example.com",
    "+33 6 00 42 18 73"
);
String fld_9c8d = "FR00 0000 0000 7291 4063 812";
String fld_1a2b = "4000 0000 0000 3847";

Same PII always produces the same pseudonym — test assertions that compare values still pass. Private IPs (192.168.x.x, 127.0.0.1) and version numbers are preserved.

What PromptCape protects (and what it doesn’t)

PromptCape addresses one specific threat: your source code leaking to the AI provider during development sessions. Calling out the boundary explicitly because adjacent threats look similar but need different tools.

Yes, this is PromptCape’s job

AI-provider transit. Your code reaching Anthropic, OpenAI, or Mistral servers while you use Claude Code, Cursor, Aider, or any compatible IDE assistant. PromptCape obfuscates outgoing prompts and reverse-maps the AI’s reply, so the provider sees only renamed identifiers.

No — different problem, different tool

End-user inspection of your distributed product. Python .py files are readable as-is; .pyc bundles via PyInstaller decompile in minutes. Java .class files in a JAR decompile cleanly too. PromptCape’s obfuscated workspace lives only on the developer’s machine during AI sessions — it never ships with the product. Pair PromptCape with a packaging-layer protection for that threat: Nuitka or Cython for native compilation, ProGuard / R8 for Java release builds, or a SaaS deployment that keeps source on your servers entirely.

The two layers are independent. A developer who needs both protections uses PromptCape during development AND a packaging-layer tool at release time. Neither replaces the other.

Supported Languages

Java

Fully supported. AST parsing via JavaParser: packages, classes, methods, fields, enums, records. Deterministic HMAC-based identifier obfuscation with package flattening.

Framework detectors: Lombok, Spring Boot, Spring Data, JPA/Hibernate, Jackson, Bean Validation, OpenAPI, Spring Config.

Python

Fully supported. AST parsing via LibCST through a bundled Python sidecar: classes, functions, attributes, type annotations. Same deterministic identifier obfuscation as Java, with line-preserving comment and docstring stripping.

Framework detectors: Pydantic v2 (BaseModel field scan), FastAPI, Flask (view function scan), Django (model + view + form AST scans, incl. DRF), SQLAlchemy (declarative model scan), Streamlit, pandas, Authlib, ldap3, python-dotenv, pytest (test discovery scan), dataclasses / attrs, Celery (task + param scan), Click / Typer (command + param scan), requests / httpx (whitelist).

Coming soon

Kotlin — parser integration planned (kotlinx.ast).
JavaScript / TypeScript — via Babel or the TypeScript compiler API.

How it works

1

Obfuscate

Scan your project, collect all identifiers under your base package, create an obfuscated workspace. Use --verify to auto-fix compilation errors by excluding conflicting identifiers.

promptcape obfuscate --base-package com.acme --verify ./my-project
2

AI + Build cycle

Iterate with the AI until the build is green:

  • 1. Point AI at the obfuscated workspace
  • 2. AI makes changes
  • 3. Build to verify: mvn compile
  • 4. If errors, ask AI to fix
  • 5. Repeat until green
3

Apply changes back

Line-preserving merge: only AI-modified lines are de-obfuscated. Your original comments, formatting, Javadoc, and Python docstrings are preserved — zero data loss.

promptcape apply
4

Build & Push

Verify and ship your real code:

  • 1. Build original: mvn compile / mvn test
  • 2. If OK, commit and push to git

Simple pricing

Start here

Free Trial

0 €
3 months
  • All features included
  • CLI + Proxy modes
  • No credit card required
  • No commitment
Get Free License

3 Months

12 € / 3 months
Renew every 3 months
  • All features included
  • CLI + Proxy modes
  • Email support
  • 4 € / month
Contact us

1 Year

40 € / year
Best value
  • All features included
  • CLI + Proxy modes
  • Priority email support
  • 3.33 € / month
Contact us

Download

All platforms (JAR + scripts)

Includes launcher scripts for Windows, Linux, macOS, and Git Bash. Requires Java 25+. For Python projects also needs Python 3.10+ on PATH with libcst installed (pip install libcst).

Download ZIP

Linux native binary

Standalone executable, no Java required. Built with GraalVM native-image. For Python projects: same libcst prerequisite as above.

Download binary

A valid license is required to run PromptCape. Get your free license below.

Get your free license

Fill out this form and we'll send you a 6-month free license key within 24 hours.

Support & Feedback

Found a bug, have a question, or want to suggest a feature? Let us know.