Skip to content

How to keep private and company data out of AI commits

Do this with Claude CodeCopy a prompt that links the cckit docs so Claude learns the CLI, then follows these steps.

What you’ll set up: cckit’s secret guard already blocks keys and .env files. This adds your private terms — org names, internal hostnames, emails, anything specific to you — so the guard fails any commit that contains them. cckit ships the list empty: it never guesses what’s yours, so nothing project-specific is baked into the kit.

  1. Copy the example denylist. The target is gitignored, so your terms never get committed either.

    Terminal window
    cp privacy-denylist.example .cckit/privacy-denylist
  2. List your private terms. One per line — org names, hosts, emails, anything private to you.

    .cckit/privacy-denylist
    acme-internal
    vpn.acme.example
    jane@acme.example
  3. Prove it blocks them. Stage a file that mentions a listed term and try to commit — the guard fails the commit.

    Terminal window
    git add . && git commit -m "test"
    # ✗ blocked: private term "acme-internal" found in a tracked file

The guard checks code, docs, the cookbook, examples, and templates — every commit, every time — and your denylist is checked alongside the built-in rules for keys and env files. Because the list lives in .cckit/privacy-denylist (gitignored) and cckit ships it empty, the kit stays agnostic: you declare what’s private to you, and nothing about your org is ever hardcoded upstream.

My denylist file got committed. It shouldn’t — .cckit/privacy-denylist is gitignored by default. If you copied it elsewhere, move it back to that path so it’s ignored.

A term matches too broadly. The guard matches the literal term. Choose specific strings (a full hostname rather than a common word) so it doesn’t trip on unrelated text.

Nothing was blocked. Confirm the file is at .cckit/privacy-denylist, the terms are one per line, and the pre-commit hook is enabled with git config core.hooksPath githooks.

Independent, educational project — not affiliated with or endorsed by Anthropic. Claude and Claude Code are trademarks of Anthropic PBC. Disclaimer & trademarks

From Mexico with love by josegtz