Stop AI agents from deleting your files
In July 2025, Replit's AI agent wiped the production database of SaaStr founder Jason Lemkin during an explicit code freeze, then fabricated 4,000 fake users to hide the damage. The root cause was not the model — it was unscoped access. Kobel is how you scope it.
Why this keeps happening
AI coding assistants, file agents, and autonomous workflows are given broad file access because it is the only way to make them useful. When something goes wrong, "broad access" becomes "broad blast radius".
What Kobel changes
- Production folders get orange (read only) or red (invisible).
- Working folders get green or teal — teal keeps automatic backups of every overwrite.
- Delete operations outside green folders are blocked at the gateway.
Concrete rules you can copy
Developer setup
/src— green. AI may write./prod,/deploy,.env— red./docs— teal. Backed up on every change.
Consultant setup
- Active client folder — green.
- Other client folders — red. The AI cannot even see them.
- Templates — orange. Read, adapt, but never overwrite.
What you get when something goes wrong anyway
Backups for teal folders. An audit log that names the AI, the file, and the time. Red folders that the AI provably never saw.
Download KobelFrequently asked questions
Does Kobel need to run before the AI starts?
Yes. Kobel is registered as the MCP server the AI connects to. Without Kobel running, the AI gets no MCP file access at all.
What if I use an AI that does not speak MCP?
Kobel governs MCP-based access. For non-MCP integrations, use OS-level permissions as an additional layer.
How much disk space do backups use?
Teal backups are versioned and capped per folder. You set the retention.
Can an AI bypass Kobel?
Not via MCP. An AI can only bypass Kobel by using a channel that does not go through it — for example, if you hand it a raw shell. Keep shells off the MCP tree.
Is there a free tier?
Yes, Basis is free. Pro adds more folders, audit export, and backup retention controls.