CASE STUDY / 02 · OBSCURA · FOSS · SHIPPED 2025 · v2.1.0 · MIT
“PII redaction that never leaves the client.”
★ FOSS · LOCAL-FIRST
Obscura is AAL's open-source PII redaction tool for ChatGPT prompts. Detection runs entirely in the browser across 56+ entity types, and the only thing that goes on the wire is the redacted prompt the user chose to send. Built in a Forge sprint, released under MIT. The case study for how Forge ships FOSS that clients can adopt internally before paying for the SaaS version.
BYTES LEAKED: 0
ENTITY TYPES: 56+
EXECUTION: 100% local
LICENSE: MIT
TIME TO RELEASE: 4 weeks
02 · THE BRIEF
Solve PII before ChatGPT does.
Every client we briefed worried out loud about the same thing: their team was already pasting customer data, contract clauses, and internal numbers into ChatGPT. Compliance had memos out. Legal had policies. Nothing was actually stopping it because the friction of “open a different tool” was higher than the perceived risk. We built Obscura so the friction lives in the wrong place. Redaction happens before the prompt leaves the browser, not after a quarterly audit catches it.
03 · SCOPE
Detection engine ✓ INCLUDED
Browser extension ✓ INCLUDED
Entity library (56+) ✓ INCLUDED
Public GitHub release ◐ LIVE
04 · HOW IT SHIPPED
Four weeks. Open by week five.
01 · SCOPE · WEEK 1
Pick the entity library.
Started with NER baselines, then added regex detectors for the structured values NER misses at scale (emails, IBANs, license plates, internal project codenames). Settled on 56 entity types covering 95% of what clients flagged as "do not send"; the remaining 5% is the residual the engine will not catch on its own, which is why the user has to be able to see what was and was not redacted. Local-first was non-negotiable from day one.
02 · BUILD · WEEKS 2–3
Browser-side, no network.
WASM-compiled detection model running entirely in the browser. The prompt is intercepted in the page, redacted, and only then submitted; the detection path makes no network calls of its own, so there are zero round-trips to any redaction service. A UI overlay shows redactions inline so users see what's being protected before the prompt goes out. The claim is easy for a security team to check: run the extension behind a proxy and the only outbound request tied to a prompt should be the redacted text to the chat endpoint. Built as a browser extension because the alternative (an SDK clients have to integrate) would have killed adoption.
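The scope and build steps above describe a client-side pipeline: regex detectors beside the NER model, validation to cut false positives, consistent placeholders, and a redaction map that never leaves the page. The block below is an added illustration of that pipeline, not Obscura's code; the detector patterns, the `[TYPE_n]` placeholder format, the "Project Falcon" codename convention and the sample prompt are constructed for the example.

```javascript
// Added example (not Obscura's own code): client-side PII redaction of a prompt
// before it is submitted. Detector patterns, placeholder format and the
// "Project <Codename>" convention are assumptions made for illustration.

// IBAN mod-97 check (ISO 7064), so a regex hit is redacted only when it is a
// plausible account number rather than, say, a random product reference.
function ibanChecksumOk(candidate) {
  const s = candidate.toUpperCase().replace(/\s+/g, "");
  if (!/^[A-Z]{2}\d{2}[A-Z0-9]{11,30}$/.test(s)) return false;
  const rearranged = s.slice(4) + s.slice(0, 4);
  let acc = 0;
  for (const ch of rearranged) {
    // letters expand to two digits (A=10 ... Z=35); keep the running value mod 97
    const v = ch >= "A" ? ch.charCodeAt(0) - 55 : ch.charCodeAt(0) - 48;
    for (const d of String(v)) acc = (acc * 10 + Number(d)) % 97;
  }
  return acc === 1;
}

// Regex detectors for the structured values an NER model tends to miss.
const DETECTORS = [
  { type: "EMAIL", re: /\b[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}\b/gi },
  { type: "IBAN", re: /\b[A-Z]{2}\d{2}(?:[ ]?[A-Z0-9]){11,30}\b/g, validate: ibanChecksumOk },
  { type: "PHONE", re: /\+\d{1,3}(?:[\s.-]?\d{2,4}){3,5}\b/g },
  { type: "CODENAME", re: /\bProject\s+[A-Z][a-z]+\b/g }, // assumed internal naming convention
];

function redactPrompt(text, detectors = DETECTORS) {
  // 1. collect candidate spans from every detector, dropping validator failures
  const spans = [];
  for (const det of detectors) {
    det.re.lastIndex = 0;
    for (const m of text.matchAll(det.re)) {
      if (det.validate && !det.validate(m[0])) continue;
      spans.push({ type: det.type, start: m.index, end: m.index + m[0].length, value: m[0] });
    }
  }
  // 2. earliest start first, longest match first; skip overlaps so nothing is half-redacted
  spans.sort((a, b) => a.start - b.start || b.end - a.end);
  const kept = [];
  let cursor = 0;
  for (const s of spans) {
    if (s.start < cursor) continue;
    kept.push(s);
    cursor = s.end;
  }
  // 3. the same value always maps to the same placeholder, so the model can
  //    still refer back to "[EMAIL_1]" without ever seeing the address
  const placeholders = new Map();
  const counters = {};
  const keyOf = (s) => s.type + ":" + s.value.replace(/\s+/g, "");
  let out = "";
  let pos = 0;
  for (const s of kept) {
    const key = keyOf(s);
    if (!placeholders.has(key)) {
      counters[s.type] = (counters[s.type] || 0) + 1;
      placeholders.set(key, `[${s.type}_${counters[s.type]}]`);
    }
    out += text.slice(pos, s.start) + placeholders.get(key);
    pos = s.end;
  }
  out += text.slice(pos);
  // `entities` drives the inline overlay and stays in the page; only `redacted` is sent
  return {
    redacted: out,
    entities: kept.map((s) => ({ ...s, placeholder: placeholders.get(keyOf(s)) })),
  };
}

// Assumed companion step: put the real values back into the model's reply locally.
function restoreReply(reply, entities) {
  const back = new Map(entities.map((e) => [e.placeholder, e.value]));
  return reply.replace(/\[[A-Z]+_\d+\]/g, (p) => back.get(p) ?? p);
}

// Constructed sample prompt; the IBAN is the public GB82 WEST example, not a real account.
const SAMPLE_PROMPT =
  "Draft a reply to jane.doe@example.com about Project Falcon. " +
  "Refund to GB82 WEST 1234 5698 7654 32, call +44 20 7946 0958 if it bounces. " +
  "CC jane.doe@example.com.";

const result = redactPrompt(SAMPLE_PROMPT);
console.log(result.redacted);
console.log(restoreReply("Sent to [EMAIL_1], ref [IBAN_1].", result.entities));
```

The design points worth copying are the validator hook (a checksum turns a noisy pattern into a precise one), overlap resolution (an email inside a longer match must not be redacted twice or half-way), and the placeholder map living only in the page so the round trip stays reversible without any server holding the originals.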
03 · HARDEN · WEEK 4
Audit, document, ship under MIT.
Security pass on the extension manifest permissions, so a reviewer can tell from the manifest alone what the extension is allowed to reach. Removed every analytics call, since a single beacon would contradict the local-only claim. Wrote the README to assume a security team would read it before letting anyone install. Released to GitHub under MIT with a single-binary install script for compliance teams to vet.
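A compliance team vetting an extension like this usually starts with the manifest: broad host patterns and network-capable permissions are what let a "local-only" tool quietly become something else. The lint below is an added example, not Obscura's tooling; the two sample manifests, the risky-permission list and the `https://chatgpt.com/*` target pattern are assumptions for illustration.

```javascript
// Added example (not Obscura's own code): a reviewer's lint over a Manifest V3
// extension manifest. Sample manifests and the risky-permission list are assumed.

// Permissions that let an extension read or move data well beyond one page.
const RISKY_PERMISSIONS = new Set([
  "tabs", "webRequest", "webRequestBlocking", "cookies", "history",
  "downloads", "nativeMessaging", "debugger", "management", "proxy",
]);

// "<all_urls>", "*://..." and "https://*/..." all mean "every site".
function isBroadHostPattern(pattern) {
  return pattern === "<all_urls>" || /^\*:\/\//.test(pattern) || /^https?:\/\/\*\//.test(pattern);
}

function auditManifest(manifest) {
  const findings = [];
  if (manifest.manifest_version !== 3) findings.push("manifest_version is not 3");
  for (const p of manifest.permissions || []) {
    if (RISKY_PERMISSIONS.has(p)) findings.push(`risky permission: ${p}`);
  }
  for (const h of manifest.host_permissions || []) {
    if (isBroadHostPattern(h)) findings.push(`broad host permission: ${h}`);
  }
  for (const cs of manifest.content_scripts || []) {
    for (const m of cs.matches || []) {
      if (isBroadHostPattern(m)) findings.push(`content script injected everywhere: ${m}`);
    }
  }
  const csp = (manifest.content_security_policy && manifest.content_security_policy.extension_pages) || "";
  if (/(^|;)\s*script-src[^;]*https?:/.test(csp)) findings.push("CSP script-src allows remote origins");
  const ext = manifest.externally_connectable && manifest.externally_connectable.matches;
  if (Array.isArray(ext) && ext.some(isBroadHostPattern)) findings.push("externally_connectable is open to any site");
  return findings;
}

// Constructed "before" manifest: works, but can see every tab and every site.
const MANIFEST_BEFORE = {
  manifest_version: 3, name: "redactor", version: "0.1",
  permissions: ["storage", "tabs", "webRequest"],
  host_permissions: ["<all_urls>"],
  content_scripts: [{ matches: ["<all_urls>"], js: ["content.js"] }],
};

// Constructed "after" manifest: scoped to the one site it needs (assumed target).
const MANIFEST_AFTER = {
  manifest_version: 3, name: "redactor", version: "0.2",
  permissions: ["storage"],
  host_permissions: ["https://chatgpt.com/*"],
  content_scripts: [{ matches: ["https://chatgpt.com/*"], js: ["content.js"] }],
};

console.log(auditManifest(MANIFEST_BEFORE));
console.log(auditManifest(MANIFEST_AFTER));
```

The lint catches scope, not behaviour. A manifest with narrow permissions can still exfiltrate to its own allowed host, so pair it with a search of the shipped bundle for `fetch`, `XMLHttpRequest`, `navigator.sendBeacon` and `WebSocket`, and with one run behind a proxy to confirm that the only outbound traffic is the redacted prompt.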
04 · COMPOUND · WEEK 5 → ONGOING
Open-source release, paid SaaS to follow.
Public on GitHub. Adopted internally by three agency clients within the first month. The SaaS version (centralized policies, audit logs, fleet management) is the natural Forge follow-up: same engine, different distribution. Obscura proves Forge can ship FOSS that lands.
CLIENT QUOTE
“We needed our team to stop pasting customer data into ChatGPT and we didn't want to deploy yet another security tool. Obscura was the first thing in two years that solved the problem at the place the problem actually happens: the browser, not a policy doc.”
FOSS · Engineering Lead · Agency client · EMEA
BUILT WITH: Bun · WebAssembly · Browser extension API · Regex + NER · GitHub Releases · MIT
05 · WANT A TOOL LIKE THIS?
Brief a Forge build.
Forge ships custom SaaS for clients, and we ship the FOSS that earns the trust first. Two-sentence intake, 24-hour response.
TYPICAL BUILD: 4–12 weeks
OPEN SLOTS · Q3: 2 of 4