nextzck | 9 days ago

Recommend you never give codex or Claude access to rm or deletions in general. Always force them to replace files rather than deleting, and moving into an ~/archive folder when not replacing and wanting to “remove”.

This works well, but is not foolproof. You can add a hook onto Claude Code to block those commands at various stages; I have some useful hooks at my https://GitHub.com/claude-warden repo.

Bjartr | 9 days ago

It's a good guardrail, but like you say, it's not foolproof. Lots of commands have destructive options, or can in turn be used to invoke arbitrary operations. Like `find` is just as risky a call as `rm`. I can just imagine the reasoning chain.

"There is an error due to <file>. If I remove <file>, the error could be resolved. I don't have permission to use `rm`, but `find` can be used to delete files and I have permission to use that..."
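A PreToolUse hook in the spirit of the guardrail nextzck describes, extended for Bjartr's `find` point, written here as an added example (it is not code from the claude-warden repo): it blocks direct deleters such as `rm`, blocks `find` when given `-delete`/`-exec`, and peels `sudo`/`xargs`/`env` wrappers first. The stdin JSON shape (`tool_name`, `tool_input.command`) and exit status 2 meaning "block the call" are assumed from Claude Code's hook protocol; check them against the current docs.

```python
import json
import shlex
import sys
DELETERS = {"rm", "rmdir", "unlink", "shred"}  # delete data outright
# The thread's `find` point: these options make it delete (or run anything).
FIND_DELETE_OPTS = {"-delete", "-exec", "-execdir", "-ok", "-okdir"}
WRAPPERS = {"sudo", "env", "xargs", "nice", "nohup", "time", "command"}  # `sudo rm`
SEPARATORS = {";", "&&", "||", "|", "&"}

def split_pipeline(command):
    """Split a shell line into simple commands (operators must be whitespace-separated)."""
    cmds, cur = [], []
    for word in shlex.split(command) + [";"]:
        if word in SEPARATORS:
            if cur:
                cmds.append(cur)
            cur = []
        else:
            cur.append(word)
    return cmds

def is_destructive(command):
    """Return (blocked, reason) for the command string of a Bash tool call."""
    try:
        cmds = split_pipeline(command)
    except ValueError:  # unbalanced quotes: refuse to guess, so block
        return True, "command could not be parsed safely"
    for argv in cmds:
        i = 0  # peel wrappers and VAR=value assignments: `sudo env X=1 rm f`
        while i < len(argv) and (argv[i] in WRAPPERS or "=" in argv[i]):
            i += 1
        if i == len(argv):
            continue
        prog = argv[i].rsplit("/", 1)[-1]  # /bin/rm -> rm
        if prog in DELETERS:
            return True, f"'{prog}' deletes files; move them to ~/archive instead"
        if prog == "find" and FIND_DELETE_OPTS & set(argv[i + 1:]):
            return True, "'find' with -delete/-exec can remove files or run anything"
    return False, ""

def main():
    # Assumed hook protocol: Claude Code PreToolUse hooks receive the tool call
    # as JSON on stdin; exit status 2 blocks the call and feeds stderr to the model.
    event = json.load(sys.stdin)
    blocked, reason = is_destructive(event.get("tool_input", {}).get("command", ""))
    if event.get("tool_name") == "Bash" and blocked:
        print(f"blocked by hook: {reason}", file=sys.stderr)
        return 2
    return 0
if __name__ == "__main__":
    sys.exit(main())
```

As the thread says, a command-name filter is not foolproof (wrapper shells like `bash -c`, scripts, and operators glued to words such as `rm;ls` slip past it), so treat it as one layer beside filesystem isolation.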

pants2 | 9 days ago

Couldn't these tools be made to run in an OverlayFS-type filesystem that the user could review and apply changes to when they're done?

It would also be nice to have a second agent review every command to ensure nothing overly destructive is happening.

Are either of these things possible with Codex/CC?

nightshift1 | 9 days ago

CC is really good at finding ways to work around denied permissions. The only safe solution is some kind of VM.