My AI coding agent tried to touch files it should never touch. So I built a local guardrail.
r/OpenAI
AI coding agents are amazing until they touch the wrong file. I had agents delete files, inspect things they shouldn’t, and get way too confident around sensitive project data.

So I built Phylax: a local safety layer that blocks risky file access before an AI agent touches your secrets. No login. No cloud. No telemetry. Just local rules for what agents can and cannot touch.

I’m collecting real failure cases from developers using Cursor, Claude Code, Windsurf, Cline, OpenCode, etc. What’s the worst thing an AI coding agent has done in your project?

submitted by /u/DumbbMoneyy