Keep your source code out of AI scrapers and bots
Anything that can read your repo can feed your code to a model. Sealrepo encrypts source at rest in Git, so a scraper, indexer, or wandering agent that reaches the files without your key sees only opaque encrypted bytes.
In 2026, code is read by machines constantly — repo indexers, training scrapers, third-party CI integrations, and AI agents with broad filesystem access. A single mis-scoped token or a public mirror can turn your proprietary code into someone else's training data.
You can't stop every bot from reaching a repo. You can make what they reach worthless without the key.
How Sealrepo handles it
Encrypted at rest, everywhere the repo lives
Source files are AES-256-GCM ciphertext on disk, in Git history, in mirrors, and in backups. A scraper that clones the repo gets opaque blobs in vendor/, not readable code.
Zero-knowledge — the key is never on a server
Decryption keys live with you, derived locally from your passphrase. No server, scraper, or integration can decrypt your code, because none of them ever hold the key.
Your own AI tools still work — on your terms
When you unlock to work, your editor and AI assistant read normal files. Sealrepo doesn't fight your workflow; it makes the at-rest copy unreadable to things you didn't unlock for.
Leak attribution if authorized code escapes
Shared, unlocked files can be watermarked to a person and grant — so if code reaches a model or a paste, it carries a marker pointing back to the source.
How it protects the repo
1. sealrepo init: Seal the repo. From now on the committed, pushed, mirrored copy is ciphertext.
2. sealrepo unlock: You unlock locally to work; your tools and AI see plaintext only on your machine.
3. sealrepo lock: Re-seal when done. A scraper hitting the repo — or any mirror of it — reads encrypted bytes.
4. Tighten further: add a pre-commit hook so plaintext can never be committed by accident.
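One way to write the pre-commit check from step 4, as an added example that is not Sealrepo's own hook or code from this page. It assumes sealed files are stored as raw binary ciphertext (not base64 text); the thresholds and the EXEMPT allow-list are hypothetical values chosen for illustration.

```python
#!/usr/bin/env python3
# Added example, not Sealrepo's hook. Assumes sealed files are raw binary
# ciphertext; thresholds and EXEMPT are hypothetical illustration values.
import math
import subprocess
import sys
from collections import Counter

MIN_ENTROPY = 7.0     # bits per byte; random-looking data of >= 1 KiB sits near 8
MAX_PRINTABLE = 0.60  # uniformly random bytes are about 38% printable ASCII
MIN_LEN = 1024        # below this, entropy estimates are too noisy to trust
EXEMPT = {".gitignore", ".gitattributes"}  # hypothetical files allowed in clear


def shannon_entropy(data):
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0


def looks_like_plaintext(data):
    """True if the blob is mostly printable text or is long and low-entropy."""
    if not data:
        return False
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in data) / len(data)
    if printable > MAX_PRINTABLE:
        return True
    return len(data) >= MIN_LEN and shannon_entropy(data) < MIN_ENTROPY


def staged_paths():
    """Paths added, copied or modified in the index (NUL-separated output)."""
    cmd = ["git", "diff", "--cached", "--name-only", "-z", "--diff-filter=ACM"]
    out = subprocess.run(cmd, capture_output=True, check=True).stdout
    return [p.decode(errors="surrogateescape") for p in out.split(b"\0") if p]


def staged_blob(path):
    """Content of the file as staged, which is what the commit would record."""
    return subprocess.run(["git", "show", f":{path}"], capture_output=True, check=True).stdout


def main():
    bad = [p for p in staged_paths()
           if p not in EXEMPT and looks_like_plaintext(staged_blob(p))]
    for p in bad:
        print(f"refusing commit: {p} looks like plaintext", file=sys.stderr)
    return 1 if bad else 0


if __name__ == "__main__":
    sys.exit(main())
```

Saved as an executable .git/hooks/pre-commit, this blocks a commit when a staged file reads as text. Compressed or otherwise high-entropy files also pass, so it catches accidental plaintext rather than proving a file is encrypted.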
What Sealrepo does not do
- It protects code at rest. While you have the repo unlocked, the plaintext is on your disk — an agent you ran with filesystem access can read it. Lock when you're not working, and scope what your tools can reach.
- It can't retroactively pull your code out of a model that already trained on a copy leaked before you sealed it. It protects from this point forward.
- It is not a network firewall. It doesn't block bots from connecting to your repo host — it makes the data they can read meaningless without your key.
We spell this out because security tools that imply they do more than they can are the ones you should distrust. Read the full threat model.
Common questions
If a scraper clones my sealed repo, what does it actually get?
A working tree of encrypted blobs under vendor/, plus the config that says the repo is sealed. None of your source is readable. Reconstructing it would require breaking AES-256-GCM or stealing your locally-held key — not reading the repo.
Does this stop my own AI coding assistant from working?
No. When you unlock to work, files are plaintext locally and your assistant works normally. The protection is about the at-rest copy that scrapers, mirrors, and integrations reach — not your live, unlocked session.
Can it stop an AI agent I gave filesystem access to from reading the code?
Only by locking. While unlocked, anything running on your machine with read access — including an agent you launched — sees plaintext. Lock when idle, and don't grant agents broader filesystem scope than the task needs. No encryption tool can protect plaintext you've chosen to expose locally.
Is my code on Sealrepo's servers?
No. Your source never leaves your machines in plaintext, and Sealrepo never holds your keys. The dashboard stores only metadata (project names, members, timestamps) to render the UI.
Seal your first repo in 5 minutes
Free CLI, free account, no card. See how it compares to git-crypt & friends.