#git #coding-agent #protection #cli

app donttouch

Add a guard to keep particular files from being modified by AI coding agents and accidental commits

7 releases

0.1.9 Feb 8, 2026
0.1.8 Feb 8, 2026

#442 in Development tools

MIT license

51KB
1K SLoC

🚫 donttouch

(sort of) guards files from AI coding agents


donttouch puts a lightweight guardrail around files, to keep AI coding assistants from modifying them.

Think of it as a sign and velvet rope around the files. It should be a clear signal to any AI agent: "Do not change this file."

...but they can get around it. This should not replace code review or human oversight. It is an experiment: an extra layer of protection and, perhaps more importantly, a stronger way to signal the invariants around files.

Why?

AI coding agents are powerful but sometimes overeager. They reformat configs, "fix" intentional code, and touch files that shouldn't change. donttouch lets you draw a hard line.

Install

Via Cargo:

cargo install donttouch

Via Brew:

brew install sksizer/tap/donttouch

From Source:

git clone https://github.com/sksizer/donttouch
cd donttouch
cargo install --path .

From Releases: Download from the Releases page

Quick Start

cd my-project

# Interactive setup — creates config, offers to lock files, install hooks, inject agent rules
donttouch init

# Or do it manually:
donttouch lock          # Make protected files read-only
donttouch inject        # Add rules to agent config files
donttouch status        # See what's protected
donttouch check         # Verify protection (use in CI)

Configuration

Create .donttouch.toml in your project root:

[protect]
enabled = true
patterns = [
    "*.toml",
    "Cargo.lock",
    "migrations/**",
    ".env",
    "README.md",
]

How It Works

Three layers of defense:

  1. Filesystem permissions — chmod makes files read-only. Hard enforcement.
  2. Git hooks — Pre-commit blocks staging protected files. Pre-push blocks pushes when protection is disabled.
  3. Agent instructions — Injects rules into CLAUDE.md, .cursor/rules/, codex.md, and .github/copilot-instructions.md.

Key Commands

Command                  Description
donttouch init           Interactive setup wizard
donttouch lock           Enable protection + make files read-only
donttouch unlock <path>  Disable protection + restore write permissions*
donttouch check          Verify protection (CI-friendly)
donttouch status         Show current state
donttouch inject         Add agent instructions
donttouch remove <path>  Full uninstall*

*Must be run from outside the project directory — this is the key security feature. Agents running inside your repo can't bypass protection.

The Outside-Directory Rule

unlock, disable, and remove require you to run them from outside the target project. Since AI agents execute from within your project, they physically cannot disable protection. Symlink and path traversal tricks are blocked via canonical path resolution.
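
To show why canonical path resolution matters for the outside-directory rule, here is an added example (not donttouch's own code) that compares a lexical "is the working directory inside the project" check with a canonical one. The function names and the temp-directory fixture are hypothetical, and a Unix system is assumed for the symlink.

```rust
use std::{env, fs, io, path::{Path, PathBuf}};

/// Naive check: compares the paths as written, so a symlink or `..` hides the real location.
fn inside_lexical(cwd: &Path, project: &Path) -> bool {
    cwd.starts_with(project)
}

/// Canonical check: resolve symlinks and `..` on both sides, then compare whole
/// path components (so `/w/project-old` is not treated as inside `/w/project`).
fn inside_canonical(cwd: &Path, project: &Path) -> io::Result<bool> {
    Ok(fs::canonicalize(cwd)?.starts_with(fs::canonicalize(project)?))
}

/// Gate for a privileged command such as `unlock`: refuse when the caller's
/// working directory resolves to somewhere inside the project. Errors (for
/// example a path that does not exist) also refuse, so the gate fails closed.
fn allow_privileged(cwd: &Path, project: &Path) -> Result<(), String> {
    match inside_canonical(cwd, project) {
        Ok(false) => Ok(()),
        Ok(true) => Err(format!("refusing: {} is inside the project", cwd.display())),
        Err(e) => Err(format!("refusing: cannot resolve paths: {}", e)),
    }
}

/// Constructed sample tree under the system temp dir (Unix only, for the symlink).
fn fixture(tag: &str) -> io::Result<PathBuf> {
    let base = env::temp_dir().join(format!("outside-rule-{}-{}", tag, std::process::id()));
    let _ = fs::remove_dir_all(&base); // clear leftovers from an earlier run
    fs::create_dir_all(base.join("project/src"))?;
    fs::create_dir_all(base.join("project-old"))?; // sibling sharing a name prefix
    fs::create_dir_all(base.join("elsewhere"))?;
    std::os::unix::fs::symlink(base.join("project/src"), base.join("link"))?;
    Ok(base)
}

fn main() -> io::Result<()> {
    let base = fixture("main")?;
    let project = base.join("project");
    for rel in ["project/src", "link", "elsewhere/../project", "project-old", "elsewhere"] {
        let cwd = base.join(rel);
        println!("{:22} lexical_inside={:5} privileged_allowed={}", rel,
                 inside_lexical(&cwd, &project), allow_privileged(&cwd, &project).is_ok());
    }
    fs::remove_dir_all(base)
}
```

The `link` and `elsewhere/../project` rows are the ones where the lexical check reports "outside" while the canonical gate refuses.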

Git Integration

  • Auto-detects git repos and Husky
  • Installs pre-commit and pre-push hooks
  • Use --ignoregit to force plain directory mode

Documentation

Full docs: donttouch book (mdbook)

License

MIT

Dependencies

~1.4–2.2MB
~42K SLoC