logoalt Hacker News

hyperhellotoday at 8:04 PM1 replyview on HN

You seem pretty cool and in it for the fun. May I make one feature request that would cause me to try it? A big reassuring READ ONLY mode that sandboxes file writes to zero. Of course that would constrain some of the product from working, that’s okay.


Replies

julesrmstoday at 8:45 PM

The default mode it uses for approving LLM tools is already read-only - it has a quite complicated (but conservative) bash parser that tries to let things that are definitely read-only get approved without bothering the user. It also has a tool for exploring the codebase where the LLM provides javascript code that runs in a sandbox with a read-only filesystem class.

But the architecture is such that this core functionality is just a plugin, and anyone can write their own custom approval filter plugin, and make it do whatever you want