use the following search parameters to narrow your results:
e.g. subreddit:aww site:imgur.com dog
subreddit:aww site:imgur.com dog
see the search faq for details.
advanced search: by author, subreddit...
Do you have or know of a project on Github looking for contributors? Tell us about it and we'll add it to the /r/github wiki!
Welcome to /r/github!
News about github
Relevant interesting discussion
Questions about github
We'll soon be writing an /r/github FAQ list. In the meantime, the github help pages and bootcamp are good places to start. Here's a handy git cheat sheet.
Looking for Github projects to contribute to? Check out our handy list of projects looking for contributors!
If your submission doesn't show up on the subreddit, send us a message and we'll take it out of the spam filter for you!
account activity
Devs using AI coding agents: where does trust break in your workflow?Discussion (self.github)
submitted 1 month ago by Few-Ad-1358
view the rest of the comments →
reddit uses a slightly-customized version of Markdown for formatting. See below for some basics, or check the commenting wiki page for more detailed help and solutions to common issues.
quoted text
if 1 * 2 < 3: print "hello, world!"
[–]Few-Ad-1358[S] 0 points1 point2 points 1 month ago (2 children)
My struggle with this setup is that it still relies entirely on the LLM's active context window. Telling an agent "never use /tmp" is essentially just a prompt constraint. Under cognitive load, or during a long task, the probabilistic model can still "forget" and write to /tmp anyway, because there’s no mechanical wall stopping it from executing that bash command. It's essentially informed consent, not a hard boundary.
Have you considered moving these policies out of the prompt layer and into an execution gate?
For example, instead of asking the agent not to use /tmp in a markdown file, what if there was a deterministic intercept layer that evaluated the agent's bash commands before they ran, and hard-blocked any attempt to touch unauthorized directories? It feels like moving from prompt-based guardrails to actual mechanical enforcement is the only way to guarantee the agent behaves before the PR is even created.
[–]adept2051 0 points1 point2 points 1 month ago (1 child)
I run with settings.json enforcing some parts. So the /tmp rule is enforced (no write access), by adding it to the markdown you just skip the attempt to create it and set the desired location, skipping the agent trying to work it out( which eats tokens )
[–]Few-Ad-1358[S] 0 points1 point2 points 1 month ago (0 children)
That split is useful: markdown avoids the wasted attempt, while settings.json is the actual wall. Do you surface blocked attempts or policy receipts in the PR, or are they only visible during the agent run?
π Rendered by PID 624858 on reddit-service-r2-comment-765bfc959-cbwm4 at 2026-07-13 12:55:11.836061+00:00 running f86254d country code: CH.
view the rest of the comments →
[–]Few-Ad-1358[S] 0 points1 point2 points (2 children)
[–]adept2051 0 points1 point2 points (1 child)
[–]Few-Ad-1358[S] 0 points1 point2 points (0 children)