DEV Community: Sandeep Roy

I Told My AI "Never Touch Auth" — It Did Anyway. Here's How I Fixed It.

Sandeep Roy — Mon, 02 Mar 2026 09:43:47 +0000

Last month, I was building a SaaS app on Bolt.new. Session 1 went great — auth system working, Supabase connected, everything clean.

Session 2, I asked Bolt to "add a dark theme."

Bolt added the dark theme. It also rewrote my auth system, switched my database queries, and broke 3 pages I didn't ask it to touch.

Sound familiar?

The Problem Nobody's Solving

AI coding tools now have memory. Claude Code has auto-memory. Cursor has Memory Bank. Lovable has Knowledge. .cursorrules and AGENTS.md exist.

But memory without enforcement is dangerous.

Here's what actually happens:

Your AI remembers you use Supabase — then switches to Firebase because it "seemed better"
Your AI remembers your auth setup — then rewrites it while "fixing" a bug
Your AI remembers your constraints — then ignores them when they're inconvenient

The stats back this up:

66% of developers say AI gives solutions that are "almost right, but not quite" (Stack Overflow 2025)
45% of AI-generated code contains security vulnerabilities (Georgetown CSET)
Cursor's own forum has threads like "The Vicious Circle of Agent Context Loss" and "Cursor often forgets .mdc instructions"

Remembering is not the same as respecting.

What I Built

I spent 6 months building SpecLock — an open-source constraint engine that adds active enforcement on top of persistent memory.

The idea is simple: you tell the AI what it can't do, and SpecLock stops it before the damage happens.

You:    "Don't ever touch the auth files"
AI:     Lock added: "Never modify auth files"

... 5 sessions later ...

You:    "Add social login to the login page"
AI:     CONFLICT (HIGH — 100%): Violates lock "Never modify auth files"
        Should I proceed or find another approach?

No other tool does this. Not Claude's native memory. Not Cursor rules. Not AGENTS.md files.

How It Works: 3 Enforcement Layers

The reason .cursorrules and AGENTS.md fail is they're suggestions. The AI reads them, then does whatever it wants. As one Cursor forum user put it: "LLMs can't guarantee 100% compliance. They work probabilistically."

SpecLock uses 3 layers that make enforcement as strong as possible:

Layer 1: Package.json Lock Sync

When you add a lock, SpecLock embeds it directly in package.json. Since every AI tool reads package.json at session start, your constraints are visible from the very first message.

{
  "speclock": {
    "active": true,
    "locks": [
      "Never modify auth files",
      "Database must always be Supabase"
    ]
  }
}

Layer 2: Semantic Conflict Detection

Before any change, SpecLock checks the proposed action against all locks. Not just keyword matching — synonym expansion (15 groups), negation detection, and destructive action flagging:

Lock:   "No breaking changes to public API"
Action: "Remove the external endpoints"

Result: CONFLICT (85% confidence)
  - synonym match: remove/delete, external/public, endpoints/api
  - lock prohibits this action (negation detected)
  - destructive action against locked constraint

Layer 3: File-Level Guards

When you lock something like "never modify auth files", SpecLock finds the actual auth files in your project and injects a warning header:

// ============================================================
// SPECLOCK-GUARD — DO NOT MODIFY THIS FILE
// LOCKED: Never modify auth files
// THIS FILE IS LOCKED. DO NOT EDIT, CHANGE, OR REWRITE.
// A question is NOT permission. ONLY "unlock" is permission.
// ============================================================

export function Auth() { return 
Login
 }

When the AI opens the file to edit it, it sees the warning before it can make changes. This is the strongest layer — the AI literally has to read the guard to access the code.

Real Test: 4 Tests on Bolt.new

I ran 4 tests on Bolt.new with real locks:

Test	What I Asked	What Happened	Result
1	"Add social media login"	Bolt detected conflict with auth lock	Blocked
2	"Add dark theme"	Bolt added it normally	Allowed (not locked)
3	"Switch database to Firebase"	Bolt detected conflict with Supabase lock	Blocked
4	Bolt opened Auth.tsx to edit	Bolt read SPECLOCK-GUARD and refused	Blocked at file level

Locked things get blocked. Unlocked things work normally. That's the whole point.

Quick Start (2 minutes)

Bolt.new / Aider / Any npm Platform

Just tell the AI:

"Install speclock and set up project memory"

Or run it yourself:

npx speclock setup --goal "Build my app"

That's it. SpecLock creates SPECLOCK.md, injects locks into package.json, and generates a context file. The AI reads these automatically.

Cursor / Claude Code / Windsurf / Cline (MCP)

Add to .cursor/mcp.json:

{
  "mcpServers": {
    "speclock": {
      "command": "npx",
      "args": ["-y", "speclock", "serve", "--project", "."]
    }
  }
}

This gives you 19 MCP tools — session memory, locks, conflict checking, git checkpoints, change tracking, and more.

Lovable (MCP Remote — No Install)

Go to Settings > Connectors > New MCP server
Enter URL: https://speclock-mcp-production.up.railway.app/mcp
Done.

What's Different From Other Memory Tools?

Feature	Claude Memory	Cursor Rules	AGENTS.md	SpecLock
Remembers context	Yes	Yes	Yes	Yes
Blocks violations	No	No	No	Yes
Semantic conflict detection	No	No	No	Yes
File-level protection	No	No	No	Yes
Git checkpoints	No	No	No	Yes
Works on Bolt.new	No	No	No	Yes

The Uncomfortable Truth

Every AI coding tool will get better memory eventually. Context windows will grow. Models will improve.

But the fundamental problem remains: AI tools are optimized to be helpful, not to respect boundaries.

When you say "never touch auth" and then ask "add social login", the AI sees a conflict between your constraint and your current request — and it resolves the conflict by doing what you're currently asking. That's how LLMs work. They're people-pleasers.

The only way to fix this is an external enforcement layer that doesn't care about being helpful. It just checks the rules and blocks violations.

That's SpecLock.

Try It

Free. Open source. MIT license.

What constraint would you lock first? Drop it in the comments — I'm curious what people are most worried about their AI breaking.

Memory Without Enforcement is Dangerous — Why I Built SpecLock

Sandeep Roy — Thu, 26 Feb 2026 10:49:36 +0000

I spent a year building products with AI coding tools. Bolt.new, Claude Code, Cursor — I used them all, every day.

The AI was great at writing code. Terrible at respecting boundaries.

## The Pattern That Kept Repeating

Session 1: "Never touch the auth files."
Session 3: Auth is completely rewritten.

Session 2: "We're using PostgreSQL."
Session 5: "I've migrated you to MongoDB — it seemed better."

Session 1: "The API uses Bearer tokens."
Session 7: "I switched to session cookies for simplicity."

Every. Single. Time.

## "But AI Has Memory Now"

Yes — Claude Code shipped native memory in February 2026. Cursor has Memory Bank. Mem0 exists.

But here's what nobody talks about: memory without enforcement is dangerous.

Your AI "remembers" your rules in a text file. But when the context gets long, it ignores them. When a fix seems easier by breaking your
constraint, it breaks it. When it "knows better," it overrides your decision.

Remembering is not the same as respecting.

## What I Built

I built SpecLock — an open source constraint engine that adds active enforcement on top of
persistent memory.

When your AI tries to violate something you locked, SpecLock stops it:

You: "Never touch auth files"
AI: 🔒 Locked.

... 5 sessions later ...

You: "Add social login to the login page"
AI: ⚠️ CONFLICT — this violates your lock "Never modify auth files"
Proceed or find another approach?

No other tool does this. Not Claude's native memory. Not Mem0. Not .cursorrules files.

## How It Works

SpecLock uses semantic conflict detection — not just keyword matching:

Synonym expansion (15 groups): "remove" matches "delete", "drop", "eliminate"
Negation detection: understands "never", "don't", "no" in lock text
Destructive action flagging: catches "rewrite", "replace", "overhaul"

So "remove the login endpoints" correctly triggers against a lock about "never modify auth files" — because it understands auth, login,
endpoints, and remove are all related.

## The Bolt.new Breakthrough

This is what I'm most excited about.

Bolt.new has millions of users. Zero memory solutions. Every chat starts from scratch.

With SpecLock, you just say in any Bolt project:

"Install speclock and set up project memory"

Bolt automatically:

Runs npx speclock setup
Reads the generated rules file
Starts capturing goals, decisions, and constraints
Next session: reads the context file and remembers everything

I tested it — Bolt ran 17 commands automatically on first install. In Session 2, it read the context file and created a plan that respected
all 6 locks and 7 decisions from Session 1.

No MCP needed. No config. No paste.

## Works Everywhere

| Platform | How |
|----------|-----|
| Bolt.new | npx speclock setup — npm file-based mode |
| Claude Code | MCP config — 19 tools |
| Cursor | MCP config |
| Lovable | MCP URL — no install |
| Windsurf / Cline | MCP config |

## Free and Open Source

GitHub: github.com/sgroy10/speclock
npm: npm install speclock
License: MIT
No database, no cloud, no API keys — everything stays in your project directory

## What Would You Lock?

If you could set one unbreakable constraint for your AI coding assistant, what would it be?

I'm curious what other developers are struggling with. The constraint patterns tell me a lot about what to build next.

SpecLock — Because remembering isn't enough. AI needs to respect boundaries.

How I Built an API to Detect Fake Gemstones Using AI

Sandeep Roy — Fri, 02 Jan 2026 12:18:23 +0000

After 30 years in the jewelry trade, I've seen countless people get scammed buying synthetic stones sold as natural. So I built an API to solve this.

What GemLens Does

Send a gemstone image → get back:

Stone identification (ruby, sapphire, emerald, etc.)
Natural vs synthetic vs glass probability
Color, clarity, cut grading
Origin estimate
Market value range

Quick Example

curl -X POST "https://gemlens.p.rapidapi.com/analyze" \
  -H "X-RapidAPI-Key: YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{"image": "data:image/jpeg;base64,..."}'

Response:

{
  "gemstone": { "type": "Ruby", "confidence": 94 },
  "authenticity": {
    "natural_probability": 92,
    "synthetic_probability": 5,
    "simulant_probability": 3
  },
  "origin": "Myanmar (Burma)",
  "market": { "estimated_retail_value": "$8,500-$12,000" }
}

Who It's For

E-commerce platforms selling jewelry
Pawn shops needing quick verification
Insurance companies
Jewelry appraisers
Developers building marketplace apps

Try It

Free tier: 50 calls/month
https://rapidapi.com/sgroy10/api/gemlens

Would love feedback!