donttouch

(sort of) guards files from AI coding agents

donttouch puts a lightweight guardrail around files, to keep AI coding assistants from modifying them.

Think of it as a sign and velvet rope around the files. It should be a clear signal to any AI agent: “Do not change this file.”

…but they can get around it. This should not replace code reviews or human oversight. It's an experiment: an extra layer of protection and, perhaps more importantly, a stronger way to signal the invariants around files.

  1. Filesystem permissions — Makes files read-only via chmod
  2. Git hooks — Blocks commits and pushes that touch protected files
  3. Agent instructions — Injects rules into agent config files (CLAUDE.md, .cursorrules, etc.)

Why?

AI coding agents are powerful but sometimes overeager. They might:

  • Reformat your carefully crafted config files
  • “Fix” code you intentionally wrote a certain way
  • Modify documentation you maintain by hand
  • Touch infrastructure files that shouldn’t change casually

donttouch gives you a simple way to draw a line: these files are off-limits.

Key Features

  • Works everywhere — Git repos and plain directories
  • Pattern-based — Protect files with glob patterns (*.toml, migrations/**)
  • Agent-aware — Injects instructions into Claude, Cursor, Copilot, and Codex config files
  • Git-integrated — Pre-commit and pre-push hooks with optional Husky support
  • Safe by design — unlock and disable must be run from outside the project directory, so agents inside the repo can’t bypass protection

Quick Example

cd my-project
donttouch init        # Interactive setup
donttouch lock        # Make protected files read-only
donttouch inject      # Add rules to agent config files
donttouch status      # See what's protected

To edit protected files (from outside the project):

cd ..
donttouch unlock ./my-project
# make your changes
cd my-project
donttouch lock

Note: unlock also disables protection, so pre-push hooks will block until you lock again. This prevents accidentally pushing with protection off.
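
The Git hooks layer listed above, sketched as an added example (not donttouch's own hook code): a pre-commit script that rejects a commit when any staged path matches a protected glob pattern. `PROTECTED_PATTERNS`, the function names and the matching rule (`*` also matches `/`) are assumptions of this sketch; the two patterns are the ones this page uses.

```shell
#!/bin/sh
# Added illustration of a pre-commit check; not donttouch's implementation.
# PROTECTED_PATTERNS is a hypothetical variable holding space-separated globs.
PROTECTED_PATTERNS='*.toml migrations/**'

# is_protected PATH: exit 0 if PATH matches any protected pattern.
is_protected() {
    path=$1
    set -f      # keep the patterns from expanding against files in the cwd
    for pat in $PROTECTED_PATTERNS; do
        # Unquoted $pat is treated as a glob by `case`. Here `*` also matches
        # "/", so *.toml covers nested files too (assumption of this sketch).
        case $path in
            $pat) set +f; return 0 ;;
        esac
    done
    set +f
    return 1
}

# filter_protected: read paths on stdin, one per line; print the protected ones.
filter_protected() {
    while IFS= read -r p; do
        if is_protected "$p"; then printf '%s\n' "$p"; fi
    done
}

# hook_main: refuse the commit if any staged path is protected.
hook_main() {
    # Staged paths that were added, copied, modified, renamed or deleted.
    hits=$(git diff --cached --name-only --diff-filter=ACMRD | filter_protected)
    if [ -n "$hits" ]; then
        echo "commit blocked, protected files are staged:" >&2
        printf '%s\n' "$hits" | sed 's/^/  /' >&2
        return 1
    fi
}

# Act as a hook only when installed under a path ending in /pre-commit.
case $0 in
    */pre-commit) hook_main || exit 1 ;;
esac
```

A hook like this only runs when Git invokes it, so it complements the read-only permissions and agent instructions rather than replacing them.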