Key Takeaways
- og-local is a local proxy that redacts PII/secrets from Claude Code API calls using an ONNX model.
- Install via curl, run ogl claude.
- No cloud round-trip, no data leaks.
What Changed — Local Privacy Proxy for Claude Code
When Claude Code reads a file, that file's contents are shipped to Anthropic's API. Most of the time that's fine — you're working on open-source code or have a vendor agreement. But sometimes it isn't: a .env slipped into a diff, a customer email in a test fixture, an API key in a comment, a stack trace from a private service.
og-local is a single binary that runs on your machine, intercepts the API calls your agent makes, detects PII and secrets in the prompt body before it leaves localhost, swaps them with opaque placeholders, forwards the redacted prompt upstream, and transparently restores the originals in the response. The agent never sees the difference. The upstream provider never sees the secrets.
Detection runs in-process via the openai/privacy-filter ONNX model. There's no cloud round-trip and no network call to anywhere except the upstream provider you were already calling.
What It Means For You — No More Leaky Prompts
If you work in:
- Fintech or healthcare — patient data, account numbers, or PII in test fixtures get redacted before they reach Anthropic.
- A startup with a small team — you can use Claude Code on your full codebase without worrying about
.envfiles or hardcoded secrets in legacy code. - Open-source — you can share Claude Code sessions or logs without scrubbing them manually.
- Compliance-required environments — SOC 2, HIPAA, or GDPR audits become simpler when you can prove no sensitive data left your machine.
og-local works with both Claude Code and OpenAI Codex (the API, not the product). It's a transparent proxy — you don't change your workflow, you just prefix your command.
Try It Now — Setup in 2 Minutes
1. Install
macOS / Linux:
curl -fsSL https://raw.githubusercontent.com/outgate-ai/og-local/main/scripts/install.sh | sh
Windows (PowerShell):
irm https://raw.githubusercontent.com/outgate-ai/og-local/main/scripts/install.ps1 | iex
This installs the ogl binary and, on platforms that support redaction, places the bundled ONNX Runtime where ogl expects it.
2. Download the detection model (one-time, ~840MB)
ogl model pull
This downloads the model into ~/.cache/og-local and fetches the ONNX Runtime if missing.
3. Launch Claude Code with redaction
ogl claude "your prompt"
That's it. ogl claude "..." and ogl codex "..." now redact PII and secrets automatically. If anything is missing on first run, ogl offers to download it on the spot before launching the agent.
Pro tip: Make it your default
alias claude='ogl claude'
How It Works Under the Hood
og-local doesn't modify Claude Code's code. It acts as a transparent HTTP proxy that intercepts API calls. When Claude Code sends a prompt, og-local:
- Captures the request body
- Runs the ONNX privacy filter to detect PII (emails, SSNs, API keys, etc.)
- Replaces detected items with opaque placeholders (e.g.,
[REDACTED_EMAIL_1]) - Forwards the redacted prompt to Anthropic's API
- Intercepts the response and restores the original values
The agent sees the full response with original data. The API provider never sees the secrets. No data leaves your machine except the redacted prompt.
Platform Notes
- Redaction-capable platforms (most Linux, macOS ARM, Windows): The install script bundles ONNX Runtime. Redaction works out of the box.
- Passthrough-only platforms (Intel macOS, some edge cases):
ogl claudeandogl codexexit with a clear "this build cannot redact" message rather than forwarding your prompt unprotected. Use the install script or a release archive for full redaction. - macOS first run: Gatekeeper may quarantine the binary. Run
xattr -d com.apple.quarantine $(command -v ogl)or right-click → Open once. - Windows first run: SmartScreen may flag the unsigned
.exe. Click "Run anyway" after verifying the checksum from the GitHub release.
Source: github.com
