← Back to context

Comment by raincole

16 days ago

Everyone who uses these tools seriously is running it on YOLO mode. It might sound crazy for someone who just started adopting agentic coding but it's how things are done now. Either that or just hand coding.

The SOTA of permission management is just to git restore when AI fucks up, and to roll back docker snapshot when it fucks up big time.

13 comments

raincole

Reply
raw_anon_1111  16 days ago

I see nothing wrong with that. If I “fuck up big time” before AI, I would just git restore. There is absolutely nothing on my work computer or personal computer that I couldn’t just throw it in the ocean and within a half a day have everything restored to just like it was - including the data.

JeremyNT  16 days ago

Yep, it's easier to ask forgiveness than permission. It's far easier to undo the 1% of the time they fuck up in a serious way than it is to manually audit and allow an the routine stuff.

The key is to only give them access to things you're willing to lose.

This is also why giving them any kind of direct write access to production is a bad idea.

  • jazzyjackson  16 days ago

    Talk about code smell

    If you arent manually auditing, you only notice the fuck ups when they’re instantaneous

    If you don’t trust it to interact with prod, but still trust it to write code that will run on prod… you’re still trusting it with write access to prod.

    The only thing I’m willing to let Claude write for me is a static site generator, because static files without JS aren’t going to do any damage, it either loads or it doesn’t.

    • JeremyNT  16 days ago

      To be clear, I'm not saying you can't (or shouldn't) review the results, only that you can (and should) give the harness the ability to do everything it needs to function without hitting permission barriers that need to be manually approved.

      The correct way to run these safely is to sandbox them so real lasting damage is impossible, not to micromanage individual access requests.

    • raw_anon_1111  16 days ago

      If you are a team lead or above, do you manually audit every line of code that other developers on your team write even when you are the one that will ultimately be held responsible? Every library you use?

      4 replies →

dehrmann  16 days ago

I was doing something involving API keys and I realized Junie (backed by Sonnet) likes too write helper scripts to try things. And who knows where those scripts look or if they honor .aiignore. Agentic development is a real test of internal access control.

andoando  16 days ago

I ran thousands of prompts by now and at most the only issue I had is it deleting code it wrote, which has been easy to recover