#DemoSafe — Make API Keys Invisible During Demos & Livestreams

I built an open-source macOS tool that solves a common problem: accidentally flashing API keys on screen during demos, livestreams, and tutorials.

Your screen shows sk-proj-... — clipboard holds the real key. Works across your entire workflow:

• Chrome Extension (Manifest V3) — Auto-masks keys on 11+ API consoles (OpenAI, Anthropic, Google AI Studio, AWS, Stripe, GitHub…)
• VS Code Extension — Inline editor masking via Decoration API
• Swift Menu Bar App — Central hub with Keychain storage, hotkeys, floating toolbox

Google dev tools used:

• Chrome Manifest V3 — content scripts, service workers, Native Messaging Host - Clipboard API interception for Google AI Studio's programmatic writes
• Per-platform CSS isolation generated at build time

3-layer anti-flash system ensures keys never appear on screen, even for a single frame.

📦 https://github.com/easyvibecoding/demosafe | Apache 2.0

(Details in thread 👇)

Architecture & details:

All components sync via WebSocket on localhost with token auth. Keys stored in macOS Keychain — never in plaintext. Smart Key
Extraction uses confidence-based detection: ≥0.7 auto-store, 0.35–0.7 confirm dialog, <0.35 ignore.

Tech stack: Swift/SwiftUI · TypeScript · Chrome Manifest V3 · VS Code Extension API · WebSocket IPC · macOS Keychain

Looking for:

• Feedback on Chrome extension capture pattern architecture
• Contributors for Linux/Windows support
• Ideas for new platforms

Small note — my Google account is temporarily suspended, so the project runs entirely on GitHub auth for now (CI, issues, releases).
Best way to reach me is through GitHub 😅