ramoz 6 hours ago
The deterministic context system is intuitive and well-designed. That said, there's more to consider, particularly around user intent and broader information flow. I created the hooks feature request while building something similar[1] (deterministic rails + LLM-as-a-judge, using runtime "signals," essentially your context). Through implementation, I found the management overhead of policy DSLs (in my case, OPA) was hard to justify over straightforward scripting, and for any enterprise use, a gateway scales better. Unfortunately, there's no true protection against malicious activity; `Bash()` is inherently non-deterministic. For comprehensive protection, a sandbox is what you actually need locally if willing to put in any level of effort. Otherwise, developers just move on without guardrails (which is what I do today).
schipperai 6 hours ago
cupcake looks well thought out! You are right that bash is Turing complete and I agree with you that a sandbox is the real answer for full protection - ain't no substitute for that. My thinking is that there's a ton of space between full protection and no guardrails at all, and not enough options in between. A lot of people out there download the coding CLI, bypass permissions and go. If we can catch 95% of the accidental damage with 'pip install nah && nah install' that's an alright outcome :) I personally enjoy having Claude Code help me navigate and organize my computer files. I feel better doing that more autonomously with nah as a safety net.