After Six Months, Someone Finally Built a File Guard for Your AI Coding Sessions

A developer just shipped something the AI coding world quietly needed. The project is called Phylax. It’s an open-source platform built in Rust that sits between your AI and your file system. The AI can code. But it can’t touch files it has no business touching. Yesterday the build dropped publicly. And the timing matters.

We are at the point where AI coding tools are genuinely good enough that people are handing them the keys to entire repositories. Not a folder. Not a branch. The whole thing. Every time you kick off a Cursor or Copilot session on a real project, you are implicitly trusting that the AI knows where to stop. Most of the time, it does. But “most of the time” is not a security posture.

The twist: most AI coding tools get full access to your repo. All of it. Your .env files, your secrets, your production configs. Phylax changes that. You define the rules. The AI stays in its lane.

Think about what that actually means. You have an API key sitting in a .env file. You have a production database connection string in a config folder. You have a shared auth module three directories away from the service you are actually working on. Right now, nothing is stopping an AI tool from reading all of that, incorporating it into context, or accidentally leaking it in a generated snippet. There is no fence. Phylax builds the fence. You decide where it goes, what goes inside it, and what is completely off-limits. The AI does not get to decide. You do.

Here’s how the workflow looks:

  1. 🔒 Step 1: Add Phylax to your project as a layer between your AI tool and your codebase. The installation is straightforward and the Rust build is fast. You do not need to change how you use your AI tool. Phylax hooks in underneath and starts watching from there.
  2. 📋 Step 2: Define which files and directories the AI is allowed to read, modify, or leave alone entirely. This is where the power sits. You can be as granular as you want. Lock down a single file. Lock down an entire directory tree. Set read-only rules for things you want the AI to reference but never touch. The configuration is declarative and readable, so it doubles as documentation for anyone else on your team.
  3. 🤖 Step 3: Run your AI coding session normally. Phylax enforces the rules in the background. Your workflow does not change. Your IDE still works the same way. The AI still gets context, still generates code, still does everything it normally does. It just cannot go past the lines you drew in step 2.
  4. ✅ Step 4: Ship knowing your sensitive files were never touched. That peace of mind is the actual product. Not just the technical enforcement, but the confidence to actually let the AI loose on real work without second-guessing every suggestion it makes.

Pro tip: This is especially useful for monorepos where you’re using AI on one service but have configs, credentials, or shared modules sitting two folders away. Monorepos are where this risk is highest and where most developers have learned to be paranoid the hard way. You are working on the payments service. The AI is theoretically focused on that. But your monorepo also has an auth service, a notification service, infrastructure scripts, and a folder of deployment keys. Phylax lets you scope the AI to exactly the payments service and nothing else. Every file outside that scope is invisible to it.
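The rule model from step 2 and the monorepo scoping above, as an added sketch that is not Phylax's code or its configuration syntax: the rule table, type names, and paths are hypothetical, and the policy shown (longest matching prefix wins, everything unlisted is denied) is an assumption about how such a guard could decide.

```rust
use std::path::{Component, Path, PathBuf};

#[derive(Clone, Copy, Debug, PartialEq)]
pub enum Access { Deny, ReadOnly, ReadWrite }

#[derive(Clone, Copy, Debug, PartialEq)]
pub enum Op { Read, Write }

// Hypothetical rule table (constructed): repo-relative prefix -> access level.
pub const RULES: &[(&str, Access)] = &[
    ("services/payments", Access::ReadWrite),
    ("services/payments/.env", Access::Deny),
    ("shared/auth", Access::ReadOnly),
];

/// Resolve `.` and `..` lexically. Returns None for absolute paths and for
/// paths that climb above the repo root. Symlinks are NOT resolved here.
pub fn normalize(requested: &str) -> Option<PathBuf> {
    let mut out = PathBuf::new();
    for part in Path::new(requested).components() {
        match part {
            Component::Normal(p) => out.push(p),
            Component::CurDir => {}
            Component::ParentDir => { if !out.pop() { return None; } }
            _ => return None, // root or drive prefix: not repo-relative
        }
    }
    Some(out)
}

/// Longest matching prefix wins; anything unmatched is denied by default.
/// Matching is per path component, so `services/payments-old` does not match.
pub fn access_for(requested: &str) -> Access {
    let Some(path) = normalize(requested) else { return Access::Deny };
    RULES.iter()
        .filter(|(prefix, _)| path.starts_with(prefix))
        .max_by_key(|(prefix, _)| Path::new(prefix).components().count())
        .map(|(_, access)| *access)
        .unwrap_or(Access::Deny)
}

pub fn allowed(requested: &str, op: Op) -> bool {
    matches!((access_for(requested), op),
             (Access::ReadWrite, _) | (Access::ReadOnly, Op::Read))
}

fn main() {
    for p in ["services/payments/src/charge.rs", "services/payments/../auth/keys.pem"] {
        println!("{p}: read={} write={}", allowed(p, Op::Read), allowed(p, Op::Write));
    }
}
```

Because normalization here is purely lexical, a symlink inside the allowed tree could still point outside it; an enforcement layer on a real file system would also have to check the resolved target.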

Pro tip 2: The project is six months old. The GitHub account is new. The author kept it separate from personal repos. Worth noting because the first commit looks recent but the work runs deep. This was not built in a weekend as a portfolio project. The architecture reflects months of decisions about how Rust handles file system interception, how to make the enforcement layer fast enough to not slow down real development sessions, and how to keep the config syntax simple enough that developers will actually use it. When you dig through the commits on the main repo, the commit history tells a different story than the account age suggests. The author clearly wanted the work to stand on its own.

It’s open source, written in Rust, and the author is actively looking for contributors and feedback. If you are doing any serious AI-assisted development on real codebases, this is worth 20 minutes of your time to set up. The risk you are currently carrying is probably higher than you think. Link in the comments 👇

I worked on this project for 6 months
by u/Adorable-Peace4442 in PromptEngineering
