r/codingProtection

How do you protect your code when you're allowed to use an LLM but not to disclose the source?

Curious how others handle this. My situation: the client lets me use LLMs for coding, but explicitly asked that the actual source not be disclosed to a third party. So "just paste it into  a cloud model" is off the table for the sensitive parts, but going fully without an assistant  isn't realistic either.
I first tried keeping everything local. On a laptop the reasoning models were too slow to be usable (minutes per turn), and the smaller ones were unreliable — they'd "answer" without really reading the files. Moving to a server helped the speed a bit but the quality still wasn't there  for real work. Local felt like paying a lot to end up with a weaker assistant.
What I landed on instead: a workflow where the sensitive parts go through an obfuscating proxy before reaching the model — identifiers in code, comment and conf get renamed on the way out and restored on the way back,  so I keep a capable cloud model but the remote side never sees the real names/structure. I'm using promptCape for that piece, and so far it's held up.
 
But I'd like a reality check — how do you handle it?
- Local models good enough for you now, or same slowness/quality wall I hit?
- Obfuscation / proxy layer, and if so which?
- Air-gapped setups, contract clauses, or just not using AI on those parts at all?
 
Genuinely want to hear what's working for people under a "no disclosure" constraint.

reddit.com
u/SteveHaller — 4 days ago