| name | trace-sanitizer |
| description | Export Claude Code, Codex, Gemini CLI, and OpenCode conversation history for TRACED. Use when the user asks about exporting conversations, donating to TRACED, configuring trace-sanitizer, reviewing PII/secrets in exports, or managing their dataset.
|
| allowed-tools | Bash(trace-sanitizer *), Bash(pip install trace-sanitizer*) |
Trace-Sanitizer Skill
THE RULE
Every trace-sanitizer command outputs next_steps. FOLLOW THEM.
Do not memorize the flow. Do not skip steps. Do not improvise.
Run the command -> read the output -> follow next_steps. That's it.
The CLI tracks your stage (1-3: configure -> review -> confirmed).
Getting Started
Run trace-sanitizer status (or trace-sanitizer prep for full details) and follow the next_steps.
Output Format
trace-sanitizer prep, trace-sanitizer config, trace-sanitizer status, and trace-sanitizer confirm output pure JSON
trace-sanitizer export outputs human-readable text followed by ---TRACE_SANITIZER_JSON--- and a JSON block
- Always parse the JSON and act on
next_steps
Key fields:
stage / stage_number / total_stages -- where you are
next_steps -- follow these in order
next_command -- the single most important command to run next (null if user input needed first)
PII Audit (Stage 2)
After trace-sanitizer export, follow the next_steps in the JSON output. The flow is:
- Ask the user their full name -- then grep the export for it
- Run the pii_commands from the JSON output and review results with the user
- Ask the user what else to look for -- company names, client names, employer names, private URLs, other people's names, custom domains, account/org names (Vercel teams, Supabase projects), geographic identifiers, social profiles (LinkedIn, GitHub linked to real names), and any hardware identifiers
- Deep manual scan -- sample ~20 sessions (beginning, middle, end) and look for anything sensitive the regex missed. Check for resume/CV content, browser history, Discord data, and system forensics that could defeat anonymization
- Fix and re-export if anything found:
trace-sanitizer config --redact "string" then trace-sanitizer export
- Run
trace-sanitizer confirm with text attestations -- pass --full-name, --attest-full-name, --attest-sensitive, and --attest-manual-scan. It runs PII scan, verifies attestations, shows project breakdown, and confirms the export.
- Donate -- the export folder contains trajectories.jsonl + CDLA-Permissive-2.0 license. Zip the folder, upload to Google Drive, and share with donate@traced.run
Commands Reference
trace-sanitizer status
trace-sanitizer prep
trace-sanitizer prep --source all
trace-sanitizer prep --source claude
trace-sanitizer prep --source codex
trace-sanitizer prep --source gemini
trace-sanitizer prep --source opencode
trace-sanitizer confirm --full-name "NAME" --attest-full-name "..." --attest-sensitive "..." --attest-manual-scan "..."
trace-sanitizer confirm --file /path/to/file.jsonl --full-name "NAME" --attest-full-name "..." --attest-sensitive "..." --attest-manual-scan "..."
trace-sanitizer list
trace-sanitizer list --source all
trace-sanitizer list --source codex
trace-sanitizer config
trace-sanitizer config --source all
trace-sanitizer config --exclude "a,b"
trace-sanitizer config --redact "str1,str2"
trace-sanitizer config --redact-usernames "u1,u2"
trace-sanitizer config --confirm-projects
trace-sanitizer export
trace-sanitizer export --source all
trace-sanitizer export --source codex
trace-sanitizer export --source claude
trace-sanitizer export --source gemini
trace-sanitizer export --source opencode
trace-sanitizer export --all-projects
trace-sanitizer export --no-thinking
trace-sanitizer export -o /path/to/file.jsonl
trace-sanitizer update-skill claude
Gotchas
--exclude, --redact, --redact-usernames APPEND -- they never overwrite. Safe to call repeatedly.
- Source selection is REQUIRED before export -- explicitly set
trace-sanitizer config --source claude|codex|gemini|opencode|all (or pass --source ... on export).
trace-sanitizer prep outputs pure JSON -- parse it directly.
- PII audit is critical -- automated redaction is not foolproof.
- Large exports take time -- 500+ sessions may take 1-3 minutes. Use a generous timeout.
Prerequisite
command -v trace-sanitizer >/dev/null 2>&1 && echo "trace-sanitizer: installed" || echo "NOT INSTALLED -- run: pip install trace-sanitizer"