AI coding agents read everything. Your Patronum decides what's off-limits.
The numbers
AI-assisted commits leak secrets at 3.2% β twice the human baseline. In Copilot-active repos, the rate hits 6.4%. AI-service credential leaks surged 81% year-over-year in 2025. (Source)
AI coding agents are transforming how we build software. By default, they have access to everything in your project β .env files, SSH keys, AWS credentials, and API tokens. Not maliciously, just helpfully.
Most developers using AI agents today either aren't aware of this exposure β or are, and simply haven't tackled it yet. If you haven't explicitly restricted what your agent can read, your credentials are likely in scope.
Most tools offer some access controls. Whether those reliably work in all cases is hard to know β past reports suggest there can be gaps. Rather than relying on built-in rules and hoping for the best, agento-patronum gives you explicit, hook-based control you can verify yourself.
It's one approach β there are others, and you can also roll your own. The goal is simply to make file protection accessible and transparent.
agento-patronum intercepts every tool call before execution. If the target matches a protected pattern, the call is blocked and logged. Learn how it works under the hood.
Install agento-patronum in two commands β hook active, credentials shielded.
/plugin marketplace add emaarco/agento-patronum/plugin install agento-patronum@emaarco