This is why I always branch a repo before letting AI anywhere near it.
Sometimes you get fantastic results (like a day’s worth of code monkey grind in 5 mins) and sometimes the results are just preposterous. You always want to be able to review the results before anything touches main.
I think this is the way yeah. For extra protection you can also do physical backups of the project (copy pastes) at various points, because even if the LLM doesn’t know you have gitted your project, it may still run the command. The newer deepseek is much more biased towards doing this, I wrote “commit your findings to a file” and it wanted to git it. There’s always the possibility it can squash all commits or erase them (much like someone can write rm -rf in any terminal!) but this is why we invented prod/dev redundancy and RAID backups lol. You don’t necessarily have to be this paranoid when using agentic AI but it’s an extra security and some peace of mind.
I also checked and crush is completely able to write and run bash commands (incl. rm) on files not in the folder you opened it in. Definitely something to look into. I’ll check if there’s a way to containerize it better and make a post for [email protected]. Yog and I brainstormed the idea of making another Linux user just for crush, then putting your main account in that user’s group along with the crush user, but not the crush user in your main account’s group. That way it only has perms to act on the files belonging to crush/crush, though it can still try to run any bash command it wants. And you would also have access to crush’s files with your main account, so it’s more convenient. But I don’t know much yet about how Linux users work; I’ll have to look into it and will make a post about it if I find something.
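The user-separation scheme sketched in the comment above, written out as an added example (not code from the thread or from the crush project). The user names `crush` and `dev`, the project path under the agent’s home and the `crush` command name are assumptions; the last function is the check you would run afterwards to confirm the group membership really is one-way.

```bash
#!/usr/bin/env bash
# Added example: run an agentic coding tool ("crush") as its own Linux user so
# its file access is bounded by Unix permissions. Assumed placeholders:
# AGENT_USER=crush, MAIN_USER=dev, project dir /home/crush/projects.
set -eu

AGENT_USER="${AGENT_USER:-crush}"
MAIN_USER="${MAIN_USER:-dev}"

# One-time setup (run as root). Your account joins the agent's group, so you
# can read and edit its files; the agent is never added to your group (and
# must not get sudo), so files owned by you stay out of its reach.
setup_agent_user() {
  useradd --create-home --shell /bin/bash "$AGENT_USER"
  usermod -aG "$AGENT_USER" "$MAIN_USER"
  # Project tree: agent owns it, group (you) gets rw, setgid keeps group on new files.
  install -d -o "$AGENT_USER" -g "$AGENT_USER" -m 2770 "/home/$AGENT_USER/projects"
  # Close your own home to "other", i.e. to the agent user.
  chmod 750 "/home/$MAIN_USER"
}

# Launch the tool as the agent user, inside its own project directory, with a
# fresh login environment rather than your shell's (so your env vars, SSH
# agent socket and tokens are not inherited).
run_agent() {
  sudo -u "$AGENT_USER" -H bash -lc 'cd ~/projects && crush'
}

# Pure check over an /etc/group-style file: returns 0 only if MAIN is listed
# in AGENT's group and AGENT is NOT listed in MAIN's group. Usage:
#   group_asymmetry_ok crush dev /etc/group
group_asymmetry_ok() {
  local agent="$1" main="$2" groupfile="$3"
  awk -F: -v a="$agent" -v m="$main" '
    { n = split($4, members, ","); for (i = 1; i <= n; i++) inGrp[$1, members[i]] = 1 }
    END { exit !(((a, m) in inGrp) && !((m, a) in inGrp)) }' "$groupfile"
}

# Convenience wrapper for the live system.
verify_isolation() {
  if group_asymmetry_ok "$AGENT_USER" "$MAIN_USER" /etc/group; then
    echo "ok: $MAIN_USER is in group $AGENT_USER, $AGENT_USER is not in group $MAIN_USER"
  else
    echo "NOT isolated: fix group membership before running the agent" >&2
    return 1
  fi
}
```

This only bounds what the agent can touch on disk; it does nothing about which commands it may run, so the group check and a backup outside the agent's reach still matter.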
I think crush also has config files you can edit to blacklist or auto deny some commands.