| ▲ | sixhobbits 7 days ago | |
Gotta exaggerate a bit to get attention :D But I think I'm getting to the point where "If I'd let an intern/junior dev have access while I'm watching then I'm probably OK with Claude having it too" The thing that annoys me about a lot of infosec people is that they have all of these opinions about bad practice that are removed from the actual 'what's the worst that could happen here' impact/risk factor. I'm not running lfg on a control tower that's landing boeing 737s, but for a simple non-critical CRUD app? Probably the tradeoff is worth it. | ||
| ▲ | Thrymr 7 days ago | parent | next [-] | |
Why in the world would you advocate explicitly for letting it run on production servers, rather than teaching it how to test in a development or staging environment like you would with a junior engineer? | ||
| ▲ | nvch 7 days ago | parent | prev | next [-] | |
We allow juniors in risky areas because that’s how they will learn. Not the case for current AIs. | ||
| ▲ | philipp-gayret 6 days ago | parent | prev [-] | |
My workflow is somewhat similar to yours. I also much love --dangerously-skip-permissions, as root! I even like to do it from multiple Claude Code instances in parallel when I have parallel ideas that can be worked out. Maybe my wrapper project is interesting for you? https://github.com/release-engineers/agent-sandbox It's to keep Claude Code containerized with a copy of the workspace and a firewall/proxy so it can only access certain sites. With my workflow I don't really risk much, and the "output" is a .patch file I can inspect before I git apply it. | ||