observationist | 4 days ago

Current AI requires a human in the loop for anything non-trivial. Even the most used feature, coding, causes chaos without strict human oversight.

You can vibe-code a standalone repository, but in any sort of serious work with real people working alongside bots, every last PR has to be reviewed, moderated, curated, etc.

Everything AI does that's not specifically intended to be a standalone, separate project requires that sort of intervention.

The safe way to do this is having a sandboxed test environment, high-level visibility and a way to quickly and effectively review queued up actions, and then push those to a production environment. You need the interstitial buffer and a way of reverting back to the last known working state, and to keep the bot from having any control over what gets pushed to production.

Giving them real-time access to production is a recipe for disaster, whether it's your personal computer or a set of accounts built specifically for them or whatever; without your human-in-the-loop buffer, bad things will happen.

A lot of that can be automated, so you can operate confidently with high-level summaries. If you can run a competent local AI and develop strict processes for review and summaries and so forth, kind of a defense-in-depth approach for agents, you can still get a lot out of ClawBot. It takes work and care.

Hopefully frameworks for these things start developing all of the safety, security, and procedure scaffolding we need, because OpenClaw and AI bots have gone viral. I'm getting all sorts of questions about how to set them up by completely non-technical people that would have trouble installing a sound system. Very cool to see, I'm excited for it, but there will definitely be some disasters this year.
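The review buffer described in the post above, as an added example that is not part of the thread and not code from OpenClaw or any agent framework: the agent can only queue actions, a reviewer approves one by signing its exact contents with a key the agent never holds, and the production gate applies only approved actions and snapshots state so it can revert. The names `ProductionGate`, `approve`, `REVIEWER_KEY` and the sample action are assumptions made for illustration.

```python
import copy
import hashlib
import hmac
import json

# Constructed demo key: held by the human reviewer and the gate, never by the agent.
REVIEWER_KEY = b"constructed-demo-key-not-a-real-secret"

def canonical(action):
    """Stable byte encoding so an approval binds to the exact queued action."""
    return json.dumps(action, sort_keys=True, separators=(",", ":")).encode()

def approve(action, key):
    """Reviewer side: sign the action after inspecting it in the sandbox."""
    return hmac.new(key, canonical(action), hashlib.sha256).hexdigest()

class ProductionGate:
    """The only path to production; applies an action only with a valid approval."""
    def __init__(self, state, key):
        self.state, self._key, self._snapshots = state, key, []

    def apply(self, action, approval):
        expected = approve(action, self._key)
        if approval is None or not hmac.compare_digest(expected, approval):
            return False  # unreviewed, or altered after review
        self._snapshots.append(copy.deepcopy(self.state))  # last known working state
        self.state[action["key"]] = action["value"]
        return True

    def rollback(self):
        """Revert to the state saved before the most recent applied action."""
        if not self._snapshots:
            return False
        self.state = self._snapshots.pop()
        return True

def demo():
    gate = ProductionGate({"feature_x": "off"}, REVIEWER_KEY)
    queued = {"id": 1, "key": "feature_x", "value": "on"}  # constructed agent proposal
    results = {"unapproved": gate.apply(queued, None)}
    token = approve(queued, REVIEWER_KEY)  # human reviewed and approved it
    tampered = dict(queued, value="on-for-everyone")  # changed after review
    results["tampered"] = gate.apply(tampered, token)
    results["approved"] = gate.apply(queued, token)
    results["state_after"] = dict(gate.state)
    results["rolled_back"] = gate.rollback()
    results["state_final"] = dict(gate.state)
    return results

if __name__ == "__main__":
    print(demo())
```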

zahlman|4 days ago

> Even the most used feature, coding, causes chaos without strict human oversight.

s/Even/Especially, I would think. Everyone's idea of how to get any decent performance out of an LLM for coding entails allowing the code to be run automatically. Nominally so that the LLM can see the results and iterate towards a user-provided goal; but it's still untrusted code.

observationist|4 days ago

It's still much easier to verify than to produce, but being willing to do that sort of thing, to enjoy it, or to know how to do it well are very different from loving programming. I think this is where AI butts heads with programmers who are in it for the love of the game.

Getting utility from AI is in the domain of management - the most effective, productive uses I've seen for AI involve elaborate project management scaffolding, hierarchies branching out of an agent.md or some similar setup, with explicit instructions and human-oriented breakpoints in the process, so at each stage, the person can look at it all, verify operation of all the subcomponents, accept or reject the PR, and go again.

Normally people just want to vibe their way through a project or process, and that's chaotic specifically because there might be an effectively infinite space of possible legitimate, working completions, but only a tiny finite set of outcomes that could be considered "good". Another much larger but still finite set of "good enough" outcomes end up compounding errors and hitting the user in the face with the mystical salmon of unintended consequences.

Management is all about containing the space of possible outcomes and pushing resources toward a completion that lands in the space of "good", and that's tedious and boring. Even with AI, you're generally working in a space you don't know much about, haven't experienced or learned to enjoy or appreciate anything about it, and don't know enough to correct or guide the AI when it goes off-kilter.

All that to say, we need to automate management so that you can specify a style or methodology at the start and never have to think about it again, and have each AI operate on a strong default that works for lots of use cases. There's really no need to keep the MBAs and C-suite around; what they do is eminently more automatic and methodological than painting or writing poetry. Someone just has to wrangle the right dataset and extract the patterns. Incidentally, this might be one of the only things that gives Microsoft an edge over the next handful of years, since they're riding shotgun and recording everything everyone is doing to get good training data.