| ▲ | bikeshaving 4 hours ago |
| I keep asking why the default Claude tools like Read(), Write(), Edit(), MultiEdit(), Replace() tools aren’t just Bash() with some combination of cat, sed, grep, find. Isn’t it just easier to pipe everything through the shell? We just need to figure out the permissions for it. |
|
| ▲ | fcarraldo 4 hours ago | parent | next [-] |
| Because the Tools model allows for finer grained security controls than just bash and pipe. Do you really want Claude doing `find | exec` instead of calling an API that’s designed to prevent damage? |
| |
| ▲ | arbll 4 hours ago | parent | next [-] | | It might be the wrong place to do security anyway since `bash` and other hard-to-control tools will be needed. Sandboxing is likely the only way out | | |
| ▲ | jitl 30 minutes ago | parent [-] | | not for every user or use case. when developing of course i run claude —-do-whatever-u-want; but in a production system or a shared agent use case, im giving the agent least privilege necessary. being able to spawn POSIX processes is not necessary to analyze OpenTelemetry metric anomalies. |
| |
| ▲ | webstrand 4 hours ago | parent | prev [-] | | yeah, I would rather it did that. You run Claude in a sandbox that restricts visibility to only the files it should know about in the first place. Currently I use a mix of bwrap and syd for filtering. |
|
|
| ▲ | rfw300 4 hours ago | parent | prev [-] |
| Making those tools first-class primitives is good for (human) UX: you see the diffs inline, you can add custom rules and hooks that trigger on certain files being edited, etc. |
| |
| ▲ | bikeshaving 2 hours ago | parent [-] | | I’ve found that humans are pretty good at reading through the output of bash commands. And Claude Code keeps insisting on truncating the output for some reason. |
|
