Skip to content

hawonc/Soteric

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
src
src
 
 
temp
temp
 
 
.gitignore
.gitignore
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
secret.txt
secret.txt
 
 

Repository files navigation

Soteric

Soteric is a small Rust CLI for protecting a narrow set of files from AI coding tools.

Today, the implemented pieces are:

  • profile creation from explicit files and globs
  • profile activation and deletion
  • process scanning for known AI coding tools such as Codex and Claude

The intended next step is cryptographic encryption of the files associated with the relevant profile when one of those tools is detected. That encryption workflow is not implemented yet.

Current Model

Soteric is intentionally profile-based rather than repo-wide. The idea is to blacklist only a few sensitive files instead of locking down an entire project.

Each profile stores:

  • a profile name
  • a root directory
  • a small list of canonical file paths
  • lightweight metadata about how the profile was created

The CLI also tracks one active profile. Right now, scanning and profile management are the working features. Automatic encryption and decryption are placeholders.

Commands

Create a profile from explicit files:

soteric add-profile secrets \
  --file ./secret.txt \
  --file ./temp/codex.txt

Create a profile from globs:

soteric add-profile hidden-files --glob './.*'

Append additional files or globs to an existing profile:

soteric append-profile hidden-files --file /tmp/codex.txt
soteric append-profile hidden-files --glob 'temp/*.txt'

Create and activate a profile in one step:

soteric add-profile hidden-files --glob './.*' --activate

List configured profiles:

soteric list-profiles

Show one profile:

soteric show-profile hidden-files

Activate the profile you want to use:

soteric activate hidden-files

Deactivate a specific profile:

soteric deactivate hidden-files

Delete a profile:

soteric delete-profile hidden-files --yes

Scan running processes for supported AI coding tools:

soteric scan

Show the active profile and current detections together:

soteric status

Define the secret for file encryption and decryption:

soteric secret *****

Current placeholders:

soteric encrypt-now
soteric decrypt-now
soteric run

Scan Behavior

scan inspects running processes and reports matches for known AI coding-tool binaries. The current matcher includes names such as:

  • codex
  • claude
  • claude-code
  • opencode
  • openhands
  • cursor
  • copilot
  • windsurf
  • antigravity

At the moment, scanning only reports detections. It does not yet trigger encryption or map a detected process to a stored profile automatically.

Profile Notes

  • --file can be passed multiple times.
  • --glob can be passed multiple times.
  • In a Git repository, relative --file and --glob inputs are resolved from the repo root.
  • Outside a Git repository, relative paths are resolved from the current working directory.
  • Only files are included in a profile. Directory matches are ignored.
  • Paths are canonicalized before they are stored.
  • If all files in a profile share the same parent directory, that directory becomes the profile root. Otherwise, the workspace root is used.

Development

Build:

cargo build

Run tests:

cargo test

Run lints:

cargo clippy --all-targets --all-features

Format:

cargo fmt

The runtime profile store lives at .soteric/profiles.json in the repository root when Soteric is run inside a Git repository. It should be treated as local state rather than committed project data.

About

A safeguard for your files from LLMs

Resources

Readme

License

MIT license
Activity

Stars

3 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages