Hacker News

raincole today at 1:51 AM

Everyone who uses these tools seriously is running it on YOLO mode. It might sound crazy for someone who just started adopting agentic coding but it's how things are done now. Either that or just hand coding.

The SOTA of permission management is just to git restore when AI fucks up, and to roll back docker snapshot when it fucks up big time.


Replies

raw_anon_1111 today at 2:33 AM

I see nothing wrong with that. If I “fuck up big time” before AI, I would just git restore. There is absolutely nothing on my work computer or personal computer that I couldn’t just throw in the ocean and within half a day have everything restored to just like it was - including the data.

JeremyNT today at 2:16 AM

Yep, it's easier to ask forgiveness than permission. It's far easier to undo the 1% of the time they fuck up in a serious way than it is to manually audit and allow all the routine stuff.

The key is to only give them access to things you're willing to lose.

This is also why giving them any kind of direct write access to production is a bad idea.

dehrmann today at 2:14 AM

I was doing something involving API keys and I realized Junie (backed by Sonnet) likes to write helper scripts to try things. And who knows where those scripts look or if they honor .aiignore. Agentic development is a real test of internal access control.

andoando today at 1:53 AM

I ran thousands of prompts by now and at most the only issue I had is it deleting code it wrote, which has been easy to recover