Paste anything below. The counter updates in real time, and the scanner highlights anything that looks like personally identifiable information or a secret. Nothing leaves your browser — this is a local demo of the patterns SchneeAI checks server-side before forwarding a call.
What the tool does
- Token estimate — counts ASCII, CJK, and other characters and weights them (English ≈ 4 chars/token, Japanese ≈ 1.5 chars/token). This is ±20%; for exact counts, use each provider’s official tokenizer.
- PII / secret scan — checks against 13 categories SchneeAI’s runtime scanner supports. The full production scanner covers 17 (adds mynumber_jp with check digit, pem private keys, IPv6, connection strings, US SSN with validation).
- Cost Calculator hand-off — once you have a token count, send it to the Cost Calculator to price the request.
The 17 categories SchneeAI scans at runtime
| Category | Severity | Pre-call action |
|---|---|---|
| warning | mask or flag | |
| phone_jp / phone_e164 | warning | mask or flag |
| credit_card (+Luhn) | critical | block |
| ipv4 / ipv6 | info | flag |
| aws_access_key | critical | block |
| openai_api_key | critical | block |
| anthropic_api_key | critical | block |
| google_api_key | critical | block |
| stripe_key | critical | block |
| slack_token | critical | block |
| jwt | critical | block |
| mynumber_jp (+check digit) | critical | block |
| ssn_us | critical | block |
| pem_private_key | critical | block |
| connection_string | critical | block |
Severity drives what happens: critical findings block the call before it leaves the boundary; warning findings can be masked, flagged, or passed through; info findings are recorded but do not interrupt. Policies are configurable per service and per tenant.
Try these
- An email like
[email protected] - A phone number like
090-1234-5678 - A realistic test JWT:
eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.SflKxwRJSMeKKF2QT4fwpXqz - A Stripe test key:
sk_test_4eC39HqLyjWDarjtT1zdp7dc
The scanner runs in your browser. None of these values are sent to SchneeAI or any other server.
What SchneeAI adds beyond the demo
The demo answers “would my text get flagged?”. The platform adds:
- Pre-call enforcement — critical findings block the request before it reaches the provider, not just warn after.
- Configurable policy — mask, flag, or block per category, per tenant, per feature.
- Vault retention — every finding is stored as structured metadata alongside the encrypted raw request, with retention windows per data class.
- Audit trail — who saw what, when, with what justification, available for compliance review.
See the PII scanning in production blog post for the design rationale.