# 🛡️ ShielderX

Protect secrets from AI vibe-coding tools, without breaking your app.

ShielderX is a security boundary layer for modern development workflows that prevents AI coding tools (Cursor, Copilot, Windsurf, etc.) from reading real secrets during development, while still allowing your application to run normally.

❗ ShielderX is NOT an AI coding assistant.
✅ It is a defensive security tool.

## 🚨 The Problem

AI tools scan your source code to provide suggestions. During this scan, sensitive data can be exposed:

- API keys
- Tokens
- Emails
- Phone numbers
- Internal IDs
- Company secrets

Once exposed:

- AI can remember them
- Logs can leak them
- Commits can store them
- Teams can unknowingly share them

## ✅ The Solution

ShielderX ensures that:

- AI tools never see real secrets
- Secrets are encrypted at rest
- Your app still works
- No backend is required (v1)

## 🧠 Core Concept

```
Source Code → ShielderX → AI Tools
                 ↓
        Encrypted Secret Store
```

- Secrets are replaced with placeholders
- Real values are encrypted
- Decryption happens only at runtime
- No plaintext secrets on disk

## 🔐 How ShielderX Works

### 1️⃣ Scan (IDE Time)

Run:

```
ShielderX: Scan Project
```

ShielderX will:

- Detect sensitive values
- Replace them with placeholders:

  ```js
  const API_KEY = "<SECRET_ABC123>";
  ```

- Encrypt the real value
- Store it securely

AI tools only see placeholders.
### 2️⃣ Runtime Resolution

Your application calls:

```js
import { resolveSecret } from "@shielder/runtime";

const key = resolveSecret("<SECRET_ABC123>");
```

Runtime behavior:

- Decrypts in memory only
- Never writes plaintext to disk
- Fails loudly if key is missing

## 📁 Files Created

### `.shielder.key`

- Project-specific encryption key
- Generated automatically
- Must be backed up
- Git-ignored
- Losing it = losing secrets (v1)

### `.ai-secret-guard.json`

- Encrypted secret store
- Safe to commit
- Never contains plaintext
- AI-readable but useless

## 🔄 Managing Secrets

Run:

```
ShielderX: Manage Secrets
```

You can:

- View secrets (masked)
- Temporarily show & edit values
- Disable protection (restore plaintext)
- Re-enable protection (placeholder restored)

### Secret States

- ENABLED → Protected from AI
- DISABLED → Plaintext in code (AI can read)

## ⚠️ AI Race Protection (On-Open Warning)

When a project opens, ShielderX:

- Checks if it's unprotected
- Runs a light scan
- Warns before AI tools index files

Message shown:

```
🔐 ShielderX AI Warning
This project may contain secrets.
AI tools could read them before protection.
```

Actions:

- Protect Now
- Ignore

## ⚙️ Auto Protect on Open (Advanced)

Power users can enable:

```json
"shielder.autoProtectOnOpen": true
```

Behavior:

- Disabled by default
- Automatically scans on project open
- No UI prompts
- Prevents AI from reading secrets early

Must be enabled explicitly by the user.

## 🧠 THREAT MODEL (IMPORTANT)

### ✅ What ShielderX Protects Against

- AI tools reading source code
- Accidental secret exposure
- Secrets committed to repositories
- Team-wide secret leakage
- CI logs exposing values

### ❌ What ShielderX Does NOT Protect Against

ShielderX does NOT protect against:

- Malicious developers
- Compromised machines
- Runtime memory inspection
- OS-level malware
- Debuggers reading process memory
- Network interception
- Reverse engineering

If an attacker controls the machine, ShielderX cannot help.
## 🔐 Security Assumptions

- You trust your development environment
- You trust your team members
- You back up `.shielder.key`
- You understand runtime decryption exists

## 🚫 Non-Goals

ShielderX is NOT:

- A secret manager (Vault, 1Password)
- A replacement for environment variables
- A DRM system
- Malware protection
- A cloud service (v1)

## ⚠️ Important Warnings

- Losing `.shielder.key` = permanent data loss
- Restoring plaintext allows AI to read secrets
- `autoProtectOnOpen` is opt-in only
- No secret recovery without the key

## 🧾 Legal & Responsibility

- ShielderX never stores plaintext secrets
- No recovery is possible without the key
- Users are responsible for key management
- Best-effort security only
- No guarantees against advanced attacks