Yes, this is a good point. I think not asking to run commands is maybe the most controversial choice we've made so far.

The reason we don't ask for human review is simply: we've found that it works fine to not ask.

We've had a few hundred users so far and usually people are skeptical of this at first, but as they use it they find that they don't want it to ask for every command. It enables cool use cases where Codebuff and iterate by running tests, seeing the error, attempting a fix, and running them again.

If you use source control like git, I also think that it's very hard for things to go wrong. Even if it ran rm -rf from your project directory, you should be able to undo that.

But here's the other thing: it won't do that. Claude is trained to be careful about this stuff and we've further prompted it to be careful.

I think not asking to run commands is the future of coding agents, so I hope you will at least entertain this idea. It's ok if you don't want to trust it, we're not asking you to do anything you are uncomfortable with.

It's strange that all the closed models whose mentioned reasons for being closed is safety is allowing this, and banning the apps which allows for erotic roleplay all the time. Roleplay is significantly less dangerous than full shell control.

You are really missing out: https://github.com/e2b-dev/e2b