Protect the files that should never change accidentally
Some files are correct by design. Your deploy script, your config, your security settings. Mark them as off-limits so they don't get changed by mistake.
Your deploy script has a safety check that prevents deploying to the wrong project. That check is there on purpose. An AI assistant that decides to 'clean up' the script by making it more flexible just defeated the safety check. Freeze mode says: this file exists, you can read it, but you cannot change it.
Not every file in your project should be editable during every work session. Config files, security settings, deploy scripts, and environment files change rarely and should only change intentionally. Protecting them from accidental edits prevents an entire category of 'how did this break?' problems.
Identify the files in your project that are 'set and forget.' Deploy scripts. Configuration files. Environment settings. Anything where the current state is correct and any change needs a deliberate decision.
Mark those as protected at the start of every work session. Only unprotect them when you specifically intend to change them.
Start of every session: protect your deploy pipeline, config files, and any security-related files. Unprotect only when you're specifically working on those files.
Product leader shipping across enterprise SaaS, AI in production, and 0→1. Writing about what actually ships — not what sounds good in a deck.