| |
| ▲ | faangguyindia 2 days ago | parent | next [-] | | how can it plan if it does not have access to file read, search, bash tools to investigate things? If it has access to bash tools then it's going to write code, via echo or sed. | | | |
| ▲ | theshrike79 a day ago | parent | prev | next [-] | | I've had it do it in plan mode. Nothing dangerous, but the limits are more like suggestions, as the Pirate code says. | |
| ▲ | jaggederest 2 days ago | parent | prev [-] | | I don't know either but I've seen it write to files in plan mode. Very confusing. | | |
| ▲ | faangguyindia 2 days ago | parent | next [-] | | It does not write anything in plan mode, it's documented here it has only readonly tools available in plan mode: https://docs.anthropic.com/en/docs/claude-code/common-workfl... But here are fine prints, it has "exit plan mode" tool, documented here: https://minusx.ai/blog/decoding-claude-code/#appendix So it can exit plan mode on its own and you wouldn't know! | | |
| ▲ | jaggederest a day ago | parent [-] | | Ok, it's done it to me 3 times today, so I don't know what to tell you. I remind it that it's in plan mode and it goes "oh no I shouldn't have modified that file then!" |
| |
| ▲ | oxidant 2 days ago | parent | prev | next [-] | | I've never seen it write a file in plan mode either. | |
| ▲ | EnPissant 2 days ago | parent | prev [-] | | That's not possible. You are misremembering. | | |
| ▲ | nomoreofthat 2 days ago | parent | next [-] | | It’s entirely possible. Claude’s security model for subagents/tasks is incoherent and buggy, far below the standard they set elsewhere in their product, and planning mode can use subagent/tasks for research. Permission limitations on the root agent have, in many cases, not been propagated to child agents, and they’ve been able to execute different commands. The documentation is incomplete and unclear, and even to the extent that it is clear it has a different syntax with different limitations than are used to configure permissions for the root agent. When you ask Claude itself to generate agent configurations, as is recommended, it will generate permissions that do not exist anywhere in the documentation and may or may not be valid, but there’s no error admitted if an invalid permission is set. If you ask it to explain, it gets confused by their own documentation and tells you it doesn’t know why it did that. I’m not sure if it’s hallucinating or if the agent-generating-agent has access to internal detail details that are not documented anywhere in which the normal agent can’t see. Anthropic is pretty consistently the best in this space in terms of security and product quality. They seem to actually care about doing software engineering properly. (I’ve personally discovered security bugs in several competing products that are more severe and exploitable than what I’m talking about here.) I have a ton of respect for Anthropic. Unfortunately, when it comes to sub agents in Claude code, they are not living up to standard they have set. | |
| ▲ | sshine 2 days ago | parent | prev | next [-] | | I've seen it run commands that are naively assumed to be reading files or searching directories. I.e. not its own tools, but command-line executables. Its assumptions about these commands, and specifically the way it ran them, were correct. But I have seen it run commands in plan mode. | |
| ▲ | laborcontract 2 days ago | parent | prev | next [-] | | No, it is possible. I just got it to write files both using Bash and its Write tools while in plan mode right now. | |
| ▲ | jaggederest a day ago | parent | prev [-] | | 3 times today. I don't know what to say besides it tries to edit files in plan mode often for me |
|
|
|
