stingraycharles 11 hours ago

Yeah, security really is an afterthought with most of these tools, but man the community is moving insanely fast — probably because most of these people are using these automation tools to develop their MCP servers in the first place.

It’s interesting to see other tools struggling to keep up. ChatGPT supposedly will get proper MCP client support “any day now”, but I don’t see codex supporting it any time soon.

Aider is very much struggling to adapt as well, as their whole workflow of editing and navigating files is easily replaced by MCP servers (probably better as well, as it provides much more effective ways of reducing noise vs signal), so it’ll be interesting to see how tools adapt.

I’d love for Claude Code (or any tool for that matter) to fully embrace the agentic way of coding, e.g. have multiple agents specialize in different topics and some “main” agent directing them all. Those workflows seem to be working really well.

ljm 5 hours ago

The real security issue is around the use of ‘YOLO mode’ where you just let the agent invoke tools in a completely unattended manner. It’s not much different than slapping sudo in front of every shell command or running as root.

People are going to continue doing that because these agentic tasks can take some time to run and checking in to approve a command so often becomes an annoyance.

I can’t see a way around that except to have some kind of sandboxing or a concept of untrusted or tainted input rather than treating all tokens as the same. Maybe a way of detecting if the response of a tool is within a threshold of acceptability within the definition of the MCP (which is easier with structured output), which is used to force a manual confirmation or straight up rejection if it’s deemed to be unusual or unsafe.

alvis 4 hours ago

It's indeed an issue. I love that codex contains everything in a sandbox and I can review what has changed. It's proper and I've a much better idea what's going on.

That said, I ditched codex for claude code... Sorry open ai. No MCP and no way to interact during execution is a huge drawback.

wunderwuzzi23 4 hours ago

ChatGPT Codex has had internet access since a few weeks ago. It's super configurable on where it can connect to.

anuramat 3 hours ago

Anthropic provides a custom devcontainer for sandboxing, but I have fallen in love with bubblewrap - it's a single command, and I get to keep all the infrastructure: e.g. it can do nix flakes without duplicating every derivation.

vessenes 5 hours ago

The aider slowdown is a real bummer. I’d love to have Claude code UI with the model choice aider gets me, but I’m not willing to give up tool integration.

Maxious 10 hours ago

https://github.com/ruvnet/claude-code-flow adds some of the multiagent features on top.

stingraycharles 8 hours ago

Yeah, that’s what I’m experimenting with, but I think it’s overengineered, especially with the whole dogmatic SPARC approach. I’m personally a more minimalistic person, and I would prefer it to be natively integrated into the app and to be able to define exactly the (system) prompts for each of the agents.