The permissions this asks for feel kinda insane to me. Why does a kanban board need to see the code or my deploy keys among other things?

▲

jeltz 4 days ago | parent | next [-]

I would assume because it was vibe coded.

▲

gpm 3 days ago | parent [-]

More generously I'd assume because

- It's an early prototype so they haven't dealt with fine grained permissions

- They really do want to do things like access private repos with it themselves

- They really do want the ability to do things like checkout code, create PRs, etc... and that involves a lot of permission.

▲

skeeter2020 3 days ago | parent [-]

every one of your "more generous" assumptions is the opposite of what should be their process. It's the equivalent of "vacuum up as much data as possible and then decide what to do with it". Not acceptable.

	▲	gpm 3 days ago \| parent [-]
		It's "vacuuming" that data in the sense of giving API access to a tool that runs on your local computer, that seems acceptable enough for me in the early stages of developing a tool. The other privacy complains I have regarding them harvesting usernames and email addresses... not so much.

▲

TeMPOraL 3 days ago | parent | prev [-]

Because it's not "a kanban board"? It's a coding agent orchestrator that's made in the shape of a Kanban board.

You might be right that this app asks for excessively broad privileges, but your case would be much stronger if it wasn't backed by an absurdly disingenuous argument.