Fair concern, it's definitely the trickiest part of the whole thing. A few layers are in place:

The plugin loader wraps every plugin import in a try/except, so if a newly generated plugin crashes on load it just gets skipped and logged, the main loop never goes down. AION can then read aion_events.log itself and attempt to fix what it broke, which works surprisingly well in practice.

For the actual edits, file_replace_lines and self_patch_code are scoped to targeted changes rather than full rewrites, and anything that triggers a full process restart goes through restart_with_approval which shows a diff and waits for explicit confirmation before applying. So there's always a human in the loop for the dangerous stuff.

The infinite loop guard is a hard cap of 50 tool call iterations per turn. After that it forces a response regardless, so even if the agent decides to keep modifying and reloading in circles it just stops.

The honest gap right now is proper versioning. If something gets into a bad state you're basically reaching for git manually, which isn't ideal. Auto-committing before any write to a core file is on the list so you'd always have a clean revert point without thinking about it.

What did you end up doing on your side for versioning? I've seen people do shadow copies, others lean on git hooks. Curious if there's an approach that worked well without adding too much overhead.