Hajib Code

PDPL-compliant AI coding assistant filter for Saudi Arabian developers.

Protects your secrets when using Cursor, GitHub Copilot, or other AI coding tools.

Features

✅ Detects 10+ types of PII - National IDs, phones, emails, credit cards, etc.
✅ Detects 9+ types of secrets - API keys, passwords, tokens, private keys, etc.
✅ Masks sensitive data - Before sending to AI
✅ Restores secrets - In AI responses (your code still works!)
✅ PDPL compliant - Meets Saudi Arabian data protection requirements
✅ Works with Cursor - And other AI coding assistants
✅ Runs locally - Your secrets never leave your machine

Installation

npm install -g hajib-code

Requirements: Node.js 16 or higher

🔐 Licensing

Hajib Code requires a valid license to run.

Getting a License

Contact: [email protected]
Subject: "Hajib Code License Request"

Pricing:

• 🆓 Trial: 14 days free (1 developer)
• 💼 Professional: $99/month per developer
• 🏢 Enterprise: Custom pricing (contact for quote)

What's Included

Your license includes:

• Number of developer seats
• Tier level (Trial, Professional, Enterprise)
• Validity period
• Email support

Quick Start

1. Setup (one-time)

hajib setup --license "YOUR-LICENSE-KEY-HERE"

This will:

• Validate your license
• Prompt for your Anthropic API key
• Save configuration to ~/.hajib/config.env

2. Install as background service

sudo hajib install

This will:

• Install Hajib as a macOS background service (auto-starts on boot)
• Configure system proxy to route AI traffic through Hajib
• No manual Cursor configuration needed!

3. Start filtering

hajib start

That's it! Hajib now runs in the background and automatically filters all AI requests.

Use Cursor normally - all requests are automatically routed through Hajib.

Or create a launch script (recommended):

# Create the script once
cat > ~/start-cursor-with-hajib.sh << 'EOF'
#!/bin/bash
if ! curl -s http://localhost:8080/health > /dev/null 2>&1; then
    echo "ERROR: Start Hajib first (hajib start)"
    exit 1
fi
export ANTHROPIC_API_KEY=your-key-here
export ANTHROPIC_API_BASE=http://localhost:8080
export HTTP_PROXY=http://localhost:8080
export HTTPS_PROXY=http://localhost:8080
open -a Cursor
EOF

chmod +x ~/start-cursor-with-hajib.sh

# Then launch Cursor anytime with:
~/start-cursor-with-hajib.sh

4. Use normally!

Use Cursor as you normally would. All requests are automatically filtered.

Watch the terminal where hajib start is running to see detections in real-time:

[11:36:30 AM] Request from Cursor
Detected 3 sensitive items:
  PII: 3 items
    - phone: +966501234567...
    - email: [email protected]...
Masking before sending to Claude...
Response sent to Cursor (1578ms)

Commands

| Command | Description | |---------|-------------| | hajib setup | Interactive configuration wizard | | hajib start | Start the proxy server (foreground) | | hajib start -p 9000 | Start on custom port | | hajib status | Check if proxy is running | | hajib test | Test detection on sample code | | hajib --version | Show version number | | hajib --help | Show all commands |

To stop: Press Ctrl+C in the terminal where hajib start is running.

How It Works

┌─────────┐     ┌─────────┐     ┌──────────┐
│ Cursor  │────▶│ Hajib   │────▶│ Claude   │
│         │     │ (local) │     │ (remote) │
└─────────┘     └─────────┘     └──────────┘
                     │
                Detects & Masks
                     │
    Your secrets ────┴──── Never sent to AI

1. You write code with secrets in Cursor
2. Hajib intercepts the request locally
3. Secrets are detected and masked
4. Masked code is sent to Claude
5. Claude responds with suggestions
6. Hajib restores your secrets in the response
7. You get working code with your real values!

Result: Claude never sees your secrets, but your code still works! 🎉

What Gets Detected

PII (Personal Identifiable Information)

• ✅ Saudi National IDs (10 digits)
• ✅ Saudi phone numbers (+966..., 05...)
• ✅ Saudi IBAN (SA + 22 digits)
• ✅ Email addresses
• ✅ Credit card numbers (with Luhn validation)
• ✅ Passport numbers
• ✅ Arabic identity keywords

Secrets

• ✅ AWS access keys & secret keys
• ✅ OpenAI API keys (including new sk-proj-... format)
• ✅ Anthropic API keys
• ✅ GitHub tokens
• ✅ Google API keys
• ✅ Private keys (RSA, EC, OpenSSH)
• ✅ Hardcoded passwords (context-aware)
• ✅ Generic API keys

Example

Your code (input to Cursor):

config = {
    "aws_key": "AKIAIOSFODNN7EXAMPLE",
    "db_password": "MySecretPass123!",
    "phone": "+966501234567"
}

What Claude sees (masked):

config = {
    "aws_key": "[AWS_KEY_REDACTED_1]",
    "db_password": "[PASSWORD_REDACTED_1]",
    "phone": "[PHONE_REDACTED_1]"
}

What you get back (unmasked):

def validate_config(config):
    if not config.get("aws_key"):
        raise ValueError("Missing AWS key")
    # ... validation code ...
    
# Your code with REAL values restored!
config = {
    "aws_key": "AKIAIOSFODNN7EXAMPLE",  # ← Real value!
    "db_password": "MySecretPass123!",   # ← Real value!
    "phone": "+966501234567"              # ← Real value!
}

Configuration

Configuration is stored in ~/.hajib/config.env:

ANTHROPIC_API_KEY=sk-ant-your-key-here
PORT=8080

You can edit this file manually or run hajib setup again to reconfigure.

Running in Background (Optional)

If you want to run Hajib in the background:

macOS/Linux:

# Option 1: nohup
nohup hajib start > ~/.hajib/output.log 2>&1 &

# Option 2: tmux (recommended)
tmux new -s hajib
hajib start
# Press Ctrl+B then D to detach

# Reattach later
tmux attach -t hajib

To stop background process:

# Find the process
ps aux | grep hajib

# Kill it
kill <PID>

Troubleshooting

"Port 8080 already in use"

Another service is using port 8080. Either:

• Stop that service, or
• Use a different port: hajib start -p 8081
• Update Cursor to use the new port

"Invalid API key" or "ANTHROPIC_API_KEY not configured"

Your Anthropic API key is missing or incorrect.

Fix:

• Run hajib setup again, or
• Edit ~/.hajib/config.env directly

"Connection refused" in Cursor

Make sure:

1. Hajib is running: hajib status
2. Cursor is configured: ANTHROPIC_API_BASE=http://localhost:8080
3. Port matches (default: 8080)

Secrets not being detected

Run hajib test to see what gets detected. If your secret type isn't supported:

1. Open an issue on GitHub (don't share the actual secret!)
2. We'll add support for it

Still not working?

Check the logs in the terminal where hajib start is running. They show:

• Incoming requests
• Detections made
• API communication
• Any errors

Uninstall

# Stop the proxy (Ctrl+C in terminal)

# Uninstall package
npm uninstall -g hajib-code

# Remove config (optional)
rm -rf ~/.hajib

Support

• Issues: GitHub Issues
• Email: [email protected]
• Website: https://hajib.sa

Privacy & Security

• ✅ Runs locally - Hajib runs on your machine
• ✅ No external servers - No data sent to Hajib servers
• ✅ Masked before AI - Secrets masked before sending to Claude
• ✅ Local storage - Config stored in ~/.hajib/ on your machine
• ✅ Open source - Audit the code yourself

Your code and secrets are only sent to your chosen AI provider (Claude, OpenAI, etc.) after masking.

License

MIT License - see LICENSE file

Compliance

Hajib helps you comply with:

• 🇸🇦 PDPL (Saudi Personal Data Protection Law)
• 🇪🇺 GDPR (European General Data Protection Regulation)
• 🇺🇸 CCPA (California Consumer Privacy Act)

By masking PII before it leaves your machine.

Contributing

Contributions welcome! Please open an issue or PR on GitHub.

Made with 🛡️ in Saudi Arabia

Protect your secrets. Use AI safely. Stay compliant.