new | ask | show | jobs
Show HN: Agent that refuses to run commands without human approval
10 points by hexer303 19 hours ago | 3 comments

In light of recent news about an agent deleting a production database, I thought now would be a good time to share this.

As the use of AI tools in production is becoming more common, sadly so will the high profile incidents like the one mentioned.

Fewshell is a terminal agent specifically designed to avoid this.

There is no setting to enable command auto-approval. This is by-design, so that the user never has to second-guess or worry about accidentally having it enabled.

Originally my intention was to build an AI mobile terminal to make typing shell commands easy. But with so many mobile-enabled 'claw' agents being available, I decided to make Fewshell the opposite of an autonomous agent.

Please star if you like, let me know what you think. Happy to answer questions.

About me: I'm an ex Amazon Sr. SDE for Alexa AI, and currently am working in AI safety research for agentic RLVR. I use this tool to run and check on my lab experiments.

hasperdi 12 hours ago  [ - ]

Numerous prompting will cause prompt fatigue, similar to pressing yes on a dialog boxes.

LLM, like fire is a powerful tool. Some people play with fire and achieved great things, some play with fire and got burned. A number of them achieved great things and got burned. We need to understand that and learn from our mistakes.

embedding-shape 9 hours ago  [ - ]

Maybe it's just me, but if I had to approve each command of the agent, that'd remove 90% of the benefits of using an agent in the first place. Almost the whole point is that I can fire off a prompt, it can do whatever and then I come back later.

Instead, wrap the agent in a way so it cannot destroy stuff in the first place. And if you still want it to "be able to destroy databases in production", do so by copy-pasting stuff out of the isolated environment. I've run codex as root, as "dangerously as possible" with zero approvals, since the launch of the TUI, and never hit a snag, because the agent literally don't have access to snag things up.

Agents WILL make mistakes, it's up to you to set things up in a way that you don't get utterly fucked when that eventually happens. Avoiding adding 10s of MCPs tools, avoiding authenticating with all platforms, services and databases and not giving it access to all directories on your computer solves 99% of the issues people are having, and there are numerous of simple ways of doing this.

Remi_Etien 15 hours ago  [ - ]

[flagged]