{"slug": "ailock-hide-source-from-ai-assistants-while-tests-still-run", "title": "AiLock: Hide source from AI assistants while tests still run", "summary": "AiLock released a new encryption tool that keeps source code encrypted on disk while allowing developers to run Python programs normally in memory. The tool encrypts files in place so AI coding assistants and file-reading tools see only ciphertext, while `ailock run` decrypts code inside the runtime process without writing plaintext back to the working tree. This memory-only decryption approach aims to prevent AI assistants from accessing proprietary code during development.", "body_md": "**Keep code encrypted on disk, decrypt it only in memory, and still run it normally.**\n\nAiLock encrypts files in place so filesystem-level AI access (`read_file`\n\n, `grep`\n\n,\n`cat`\n\n, codebase indexing) sees only binary ciphertext. At the same time,\ndevelopers can run encrypted Python code, import encrypted modules, read encrypted\ndata files, and edit locked files through controlled plaintext views. The central\nidea is **memory-only decryption**: plaintext is materialized inside the AiLock\nruntime process, not written back to the working tree.\n\nDisk: ciphertext for AI and ordinary file readers. Runtime: plaintext only inside the controlled execution process.\n\nMost encryption tools protect files at rest, but make the code unusable until it is decrypted back onto disk. AiLock is built for a different workflow:\n\n**AI-opacity**: coding assistants that read the working tree see ciphertext.** Memory-only execution**:`ailock run`\n\ndecrypts encrypted Python files inside the process and executes them without restoring plaintext on disk.**Transparent imports**: encrypted modules can import each other.** Transparent file I/O**:`open()`\n\n,`Path.read_text()`\n\n, and`Path.read_bytes()`\n\ncan return plaintext inside the runtime.**GUI plaintext viewport**:`ailock open`\n\nlets the developer inspect and edit files without leaving plaintext in the working tree.**Recovery path**: encrypted backups and optional recovery keys help recover damaged or forgotten-password files.\n\n- Python 3.11 or newer\n`pip`\n\n- Runtime packages installed automatically from\n`pyproject.toml`\n\n:`argon2-cffi`\n\n,`cryptography`\n\n, and`pyzipper`\n\n`tkinter`\n\nfor`ailock open`\n\n; it is bundled with many Python installations, but some Linux distributions package it separately as`python3-tk`\n\nInstall from GitHub:\n\n```\ngit clone https://github.com/lo2589/AILOCK.git\ncd AILOCK\npip install .\n```\n\nFor editable development installs:\n\n```\ngit clone https://github.com/lo2589/AILOCK.git\ncd AILOCK\npip install -e .\n```\n\nCheck the command:\n\n```\nailock --help\n```\n\nIf the command is not on your `PATH`\n\n, use the module entry point:\n\n```\npython -m aloc --help\n# Encrypt a file in place.\nailock lock secret.py\n\n# AI/file tools see ciphertext.\ncat secret.py\ngrep \"password\" .\n\n# You can still use the code.\nailock show secret.py\nailock run secret.py\nailock open .\n\n# Restore plaintext on disk when needed.\nailock unlock secret.py\n```\n\nThe key idea:\n\n```\nailock lock app.py # app.py becomes ciphertext on disk\nailock run app.py # app.py is decrypted in memory and executed\n```\n\n`ailock run`\n\nis the core feature. It decrypts the entry file in memory, executes\nthe plaintext inside the Python process, and leaves the working-tree file as\nciphertext. No plaintext copy is written next to the encrypted file.\n\n```\nailock run main.py\nailock run -m mypackage\nailock run app.py -- --port 8080\n```\n\nWhile the program is running, AiLock installs hooks so application code can behave as if the files were plain:\n\n``` php\nencrypted .py on disk -> decrypt in memory -> exec/import inside Python\nencrypted data file -> decrypt in memory -> open()/Path.read_text()\n```\n\nInside your program, no AiLock-specific code is required:\n\n``` python\nimport json\nfrom secret_module import algorithm\n\nwith open(\"config.json\") as f:\n config = json.load(f)\n\nprint(algorithm(config))\n```\n\nIf `secret_module.py`\n\nor `config.json`\n\nis locked, AiLock decrypts it for the\nruntime while the filesystem still contains ciphertext.\n\nEncrypt a file or directory in place.\n\n```\nailock lock secret.py\nailock lock src/\nailock lock secret.py --recovery\n```\n\nNotes:\n\n- Directories are processed recursively.\n- Already locked files are skipped.\n- Plaintext backups are stored as encrypted ZIP backups under\n`.ailock/backups/`\n\nby default. `--recovery`\n\nprints a recovery key. Save it separately; it is not shown again.\n\nRun encrypted Python code without writing plaintext back to disk.\n\n```\nailock run main.py\nailock run -m mypackage\nailock run app.py -- --port 8080\n```\n\nRuntime interception layers:\n\n- import hook for encrypted Python modules\n- patched\n`builtins.open`\n\n- patched\n`pathlib.Path.read_text`\n\nand`pathlib.Path.read_bytes`\n\nOpen a GUI plaintext viewport/editor for a directory.\n\n```\nailock open .\nailock open src/\n```\n\nLocked files are decrypted for display. Saving writes encrypted content back to disk.\n\nPrint decrypted content to stdout without modifying the file.\n\n```\nailock show secret.py\nailock show secret.py | head\n```\n\nDecrypt a file or directory back to plaintext on disk.\n\n```\nailock unlock secret.py\nailock unlock src/ --backup\n```\n\nRecover a locked file using a recovery key generated by `--recovery`\n\n.\n\n```\nailock recover secret.py\n```\n\nStart a stdin/stdout JSON-RPC workspace server for controlled plaintext access.\n\n```\nailock freelock .\n```\n\nExample requests:\n\n```\n{\"method\": \"list_files\", \"params\": {}, \"id\": 1}\n{\"method\": \"read_file\", \"params\": {\"path\": \"main.py\"}, \"id\": 2}\n{\"method\": \"grep\", \"params\": {\"pattern\": \"TODO\"}, \"id\": 3}\n{\"method\": \"write_file\", \"params\": {\"path\": \"main.py\", \"content\": \"...\"}, \"id\": 4}\n{\"method\": \"flush\", \"params\": {}, \"id\": 5}\nailock status file.py\nailock forget\nailock forget --all\nailock config\nailock config backup-dir /path/to/backups\nailock init --as aa\n```\n\n`ailock init --as `\n\ninstalls a local launcher under a custom command name.\nThis is useful when you want the unlock command to be deployment-specific.\n\nAiLock targets filesystem-level AI access. It is designed for coding assistants and indexers that inspect files through ordinary reads. In that model, locked files reveal only ciphertext.\n\nAiLock does not claim to stop a fully informed local adversary who can run arbitrary commands, capture process memory, or trick the user into decrypting files. For stronger isolation, combine AiLock with operating-system execution policy, process isolation, and careful secret handling.\n\n- Argon2id for password-derived keys\n- ChaCha20-Poly1305 for authenticated encryption\n- independent random file keys\n- password wrapping for file keys\n- optional recovery-key wrapping\n- encrypted ZIP backups for emergency recovery\n\n```\naloc/\n cli.py command-line interface\n runner.py in-memory execution engine\n workspace.py decrypted workspace API and JSON-RPC handler\n gui.py tkinter GUI editor\n crypto.py Argon2id and ChaCha20-Poly1305 helpers\n format.py locked-file format parser/encoder\n fileops.py atomic writes and backup helpers\n cache.py sudo-style password cache\n manifest.py .ailock manifest and backup management\n recovery.py recovery key support\n install.py custom command-name launcher\n```\n\n`argon2-cffi`\n\n`cryptography`\n\n`pyzipper`\n\n`tkinter`\n\nfor the GUI, provided by many Python installations\n\nMIT", "url": "https://wpnews.pro/news/ailock-hide-source-from-ai-assistants-while-tests-still-run", "canonical_source": "https://github.com/lo2589/AILOCK", "published_at": "2026-05-31 13:37:53+00:00", "updated_at": "2026-05-31 13:54:04.814939+00:00", "lang": "en", "topics": ["ai-tools", "ai-safety", "ai-infrastructure", "ai-products", "ai-research"], "entities": ["AiLock"], "alternates": {"html": "https://wpnews.pro/news/ailock-hide-source-from-ai-assistants-while-tests-still-run", "markdown": "https://wpnews.pro/news/ailock-hide-source-from-ai-assistants-while-tests-still-run.md", "text": "https://wpnews.pro/news/ailock-hide-source-from-ai-assistants-while-tests-still-run.txt", "jsonld": "https://wpnews.pro/news/ailock-hide-source-from-ai-assistants-while-tests-still-run.jsonld"}}