I'm with you here! The idea with yolo-cage is that the worst the LLM can realistically do is open an awful PR and waste your time. (Which, trust me, it will.) Claude suggested the phrase: "Agent proposes, human disposes."

I'm not saying you should allow all your devs access to the prod server in practice (security in layers and all that). I'm saying, if you wouldn't trust a person to be competent and aligned enough with your goals to have that access in principle, why would you trust them to write code for you? Code that's going to run on that very same server you're so protective about. Sure you may scrutinize every line they write in detail, but then what's the point of hiring them?