Obfuscate API Responses for LLMs

Drop in a response from Shopify, Stripe, BigCommerce, Square, PayPal, Mailchimp, Zendesk, or any of ten other platforms. DoppelForge returns a doppelgänger - identical structure, safe values - ready to paste into a blog post, support ticket, Stack Overflow answer, or your favorite LLM.

Why this exists

Real API responses are leaky. They carry emails, prices, tokens, customer IDs - anything you'd never want in a public gist. But hand-redacting every field is tedious, error-prone, and breaks the shape of the data.

DoppelForge solves both problems at once. The output looks identical to the original. The values don't put anyone at risk.

Same shape. Safe values. Counterfeit, with consent.

The name

DoppelForge is a portmanteau. Doppel from the German doppelgänger - an apparition or counterpart that looks identical to a living person. Forge from Latin faber, smith - a verb that means both to create through skilled craft (a blacksmith forges iron) and to counterfeit convincingly (forge a signature). Both meanings apply. DoppelForge forges doppelgängers of your API responses: counterfeits skilled enough to pass as real, while keeping every byte of sensitive data behind the workshop doors.

What you get

Paste mode

Paste a single response. Get a doppelgänger instantly. No upload, no signup, no servers.

Batch mode

Drop in a folder of JSON files. Pick which fields stay raw and which get transformed. Export the whole set as safe-to-share files - with a single seed reused across files so cross-file IDs stay consistent.

HAR mode Beta

Drop a full HAR capture - the network log your browser's DevTools exports. DoppelForge scans every request and response, flags what's sensitive (credential headers, session cookies, secret query and form params, server IPs, and PII inside JSON/XML bodies), and lays it out as one tree of current value → realistic replacement. Tick what to redact, set custom values, and drill into any value to see which entries carry it. Large captures are processed off the main thread in a Web Worker - still entirely in your browser, nothing uploaded.

Platform-aware

DoppelForge knows the shape of API responses from 17 platforms across e-commerce, payments, CRM, subscriptions, shipping, communications, marketing, identity, and support. It transforms the right fields without breaking the structure.

Runs in your browser

Your responses never touch a server. DoppelForge is a static web app - every transformation happens locally, and a strict Content Security Policy stops any rogue dependency from changing that.

Schema generators

From the same payload, DoppelForge can also emit a TypeScript type, a Zod schema, or a JSON Schema. Forge the doppelgänger, hand it to the LLM, then validate the LLM's parser against the schema.

Open source

MIT licensed. Audit the code, fork it, or contribute on GitHub.

How to use it

  1. Open the tool. The two-pane editor loads with the original on the left and the forged twin on the right.
  2. Paste a real API response. JSON or XML, from any supported provider. Auto-detection promotes the right field map; you can also pick a provider manually from the sidebar.
  3. Copy the doppelgänger. Send it onward with confidence - no real names, emails, phones, addresses, or IDs go with it.
  4. Tweak fields if needed. The field-controls panel lets you toggle individual fields on or off if a particular value should pass through untouched.

Why it's different from redact or find/replace

Supported providers

Seventeen providers, 220 endpoints. Each provider ships with hand-curated field maps that distinguish PII from business identifiers across multiple endpoints, plus webhooks and (where applicable) GraphQL, CSV exports, and form-encoded payloads.

Unknown endpoints fall back to a generic pattern detector - still useful, just lower fidelity. Adding a new provider is one YAML file per endpoint; no engine changes required. See how to contribute.

Security & privacy

Privacy is the product, so it's enforced by construction - not by promise. Three layers:

  1. No network code in the bundle. The application source contains zero fetch(), XMLHttpRequest, WebSocket, EventSource, or navigator.sendBeacon calls. The build deliberately strips Vite's modulepreload polyfill so that no fetch() remains in the production bundle to grep for.
  2. CSP-enforced at the browser. The deployed site ships with a strict Content Security Policy: connect-src 'none', frame-ancestors 'none', object-src 'none'. Even a hypothetically compromised dependency couldn't open a network connection - the browser would refuse it before any bytes left your machine.
  3. CI-gated. Every commit runs a bundle audit step that fails the build if any of those network primitives sneak back in. The privacy claim has automated enforcement, not just code review.

Those guarantees are tested, not just stated. A suite of roughly 360 automated checks runs in CI on every commit. It includes privacy-invariant tests - synthetic responses seeded with fake personal data are run through the engine and checked to confirm no original value survives, for every input format the tool accepts - and golden tests that exercise all 220+ provider field maps, so a mis-classified PII field or a broken map fails the build rather than shipping.

No analytics, no telemetry, no error reporting libraries are dependencies. The only thing that ever crosses the network is the initial download of the static bundle from Cloudflare Pages.

Found a security issue? Email [email protected] with steps to reproduce - please don't open a public GitHub issue. Full scope and disclosure policy in the README.

Don't trust the deployed site? Run it locally: git clone, cd web, npm install, npm run dev.

What's stored on your device

DoppelForge uses localStorage on this origin only. Nothing is sent off-device, ever. Every key the app writes is namespaced under doppelforge.; the table below is the complete list.

Key What's in it How to clear
doppelforge.inputHistory Up to 5 recent pasted responses (the real ones, before obfuscation). Auto-clears after the retention TTL you choose in the History dropdown - default 1 hour. Pastes over 200K chars are skipped. "Clear all" in the History dropdown, or set retention to "Off".
doppelforge.history.retention Your chosen retention mode: off / 1h / 24h / persistent. Retention dropdown in History panel.
doppelforge.overrides.<scope> Per-endpoint field toggles plus any custom literal values you typed. One entry per endpoint you've configured. Persistent until you reset that endpoint. "Reset N" button in the Field controls panel for that endpoint.
doppelforge.{splitRatio, fieldsPaneWidth, linked, mode, sidebar.collapsed, batch.splitRatio, mobileWarning.dismissed} UI preferences - pane widths, current mode, link toggle, etc. No payload data. Browser site-data settings, or the panic button below.

Want everything gone in one shot? The "Forget everything" button in the footer of the app wipes every doppelforge.* key from this browser and reloads. Use it when you're done, on a shared machine, or just to prove the privacy claim to yourself.

No cookies. No sessionStorage. No IndexedDB. No service worker. No navigator.userAgent sniffing.

Why is this free? What's the catch?

There isn't one. I built DoppelForge to speed up my own workflow - I needed to share API responses without leaking customer data, and hand-redacting got old fast. Once the tool existed, sharing it cost nothing.

It's a static site on Cloudflare Pages - no servers, no database, no accounts to run. Hosting is effectively free, so there's no bill to cover and no reason to gate it. No ads, no analytics, no upsell, no "pro" tier. The code is MIT licensed; if this site ever disappeared, you could host it yourself in minutes.

That's the whole story: a tool I made for myself, shared because it was easy to.

How to contribute

Most contributions to DoppelForge are new field maps for endpoints we don't yet cover. That's the durable, high-leverage work - the engine itself is intentionally thin, and the field-map library is the long-lived community asset. The smith builds the tool; the community builds the catalog.

Add support for a new endpoint

Drop a single YAML file at providers/<provider>/endpoints/<slug>.yaml. It declares the endpoint metadata, a signature for auto-detection, and a field-by-field obfuscation map using a typed vocabulary (email, fullName, id, preserve, auto, …). No engine code changes. Webhooks, GraphQL, CSV exports, and form-encoded bodies are all supported.

The full schema, type vocabulary, conventions, and best practices for marking PII fields live in CONTRIBUTING.md.

Request a new provider or report a bug

Open an issue at github.com/javadogwebdesign/doppelforge/issues and pick the right template - New provider request or Field map bug. The form prompts you for everything we need (platform/endpoint, sanitized sample response, what went wrong).

Under the hood

MIT licensed. View the full source on GitHub →