Remix clone Hacker News

Looked at it, but as a security person, I have to recommend against it as it requires permissions to act on behalf of repository maintainers. That is asking for trouble, and represents a backdoor into every project that signs up for it.

▲

allisonee 4 days ago | parent [-]

thanks for bringing this up, and totally understand the concern. we are committed to security, and we never write/access your code without your action--the only reason that setting is necessary is so that you can merge/1-click commit suggestions from the AI directly from the code suggestions it's posted.

	▲	rsavage 3 days ago \| parent [-]
		Agree with the above commenter. We would be happy to try except when it has write/merge permissions . One click and auto merge are nice to have. Having the bot (and your company) able to deploy any code changes to production (by accident, via hack, etc) is a no go. Suggest making them optional features and just having code comments/repo read version. Not sure if it’s possible - but if the permissions could exclude specific branches that would be ok as well. But needs to be no way a malicious actor could write/merge to main.