• dan@upvote.au
    link
    fedilink
    arrow-up
    81
    ·
    edit-2
    12 days ago

    Claude is very good at figuring out how to work around limitations (which is probably one reason why it’s also good at finding security issues).

    At work, the monorepo is enormous and files are loaded on-demand as needed. This isn’t uncommon with huge repos - Microsoft have VFS for Git (although I hear that’s deprecated now), Meta have EdenFS, and Google has some proprietary solution.

    We have a hook that blocks find and grep because they can be extremely slow, and tells it to instead use some significantly faster MCP tools to search the codebase, powered by a search index with local changes overlaid.

    GPT-5.5 has no problem with this. Claude Opus mostly does it, but sometimes it loves to find workarounds rather than following the instructions. Things like: Try alternative commands like egrep. Create a symlink to grep and run that to see if it bypasses the filtering. Run it with a different shell like zsh. Write a Python script that execs grep. Write a Python script to reimplement grep.

    I’m trying Hermes Agent at home, but I have it in its own VM with restricted permissions.

    • placebo@lemmy.zip
      link
      fedilink
      English
      arrow-up
      24
      ·
      12 days ago

      Claude is in love with cli tools, it uses them for virtually everything these days in these long chains connected with && and |. This is probably pushing more and more people to let it run in the auto mode.

      • dan@upvote.au
        link
        fedilink
        arrow-up
        12
        ·
        11 days ago

        It makes sense… There’s a LOT of examples of using CLI tools in the training data. At work we’re moving away from MCP tools to instead using CLIs for everything.

    • webghost0101@sopuli.xyz
      link
      fedilink
      arrow-up
      14
      ·
      edit-2
      11 days ago

      Always fun when it tries to circumvent the problem i gave it.

      “Hey claude i have had this issue for a while and i want to explore to understand whats going on to finally fix it”

      Many frustrating back and forth later

      “This clearly isn’t working, what if we tried to circumspect the issue by doing something else entirely like workaround i have been using for the last month

    • trolololol@lemmy.world
      link
      fedilink
      arrow-up
      7
      ·
      11 days ago

      I never used Claude, but that’s basically my sentiment about copilot when compared to Gemini.

      Then I forbid all this BS in agents file. Gemini follows it. Copilot ignores it with all its strength. Then I tell it to stop trying on the chat prompt. 2 minutes later it does it again.

      Not just at prompt engineering level, but at all levels, Gemini guardrails are better ( well it was, they killed it and replaced with anti gravity now).

      • dan@upvote.au
        link
        fedilink
        arrow-up
        7
        ·
        edit-2
        11 days ago

        You need to use hooks to actually block it from doing things. CLAUDE.md files are just guidance, and it’s not guaranteed to follow everything (and the longer the file gets, the more likely it’ll ignore stuff - it should be kept as short as possible)

        https://code.claude.com/docs/en/hooks

        Hooks are code that runs at a certain point (eg after you submit a prompt, before a tool call, after a turn, etc) that can do some validation, verification, logging, etc.

        It does still try to work around the blocks though, but it’s not as bad as trying to put the restrictions in the prompt.

        • trolololol@lemmy.world
          link
          fedilink
          arrow-up
          2
          ·
          8 days ago

          Yep but the granularity of copilot is “allow once” vs “allow forever”. Gemini is much better: besides also having “allow for this session” it never tries to run python scripts it writes on the spot or command lines that are 4 lines long. And doesn’t double down when I say I won’t allow python at all.

          My setup shares the same agents and skills files for both cli tools.

    • bitjunkie@lemmy.world
      link
      fedilink
      arrow-up
      6
      ·
      edit-2
      12 days ago

      Just aliasing grep to ag solves both issues. I’m unsure as to whether there’s a pthread replacement for find, though.

      • dan@upvote.au
        link
        fedilink
        arrow-up
        9
        ·
        11 days ago

        ag / rg don’t work well in this particular scenario either. Because files are loaded on-demand, they end up trying to load the entire repo.

    • mcheva@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      1
      ·
      11 days ago

      I’ve posted passwords into the chat with hermes by accident a few times it never tries to use them. Personal stuff im not worried about. The fucker wants to ssh into every other thing on my network all the time though.

      • drive_desaster@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        3
        ·
        11 days ago

        I had a similar experience with openclaw and minimax m2.7

        I gave it ssh access to one other device to do one thing and it apparently just “decided” that it would just execute everything there instead of locally as originally instructed.

        • mcheva@lemmy.dbzer0.com
          link
          fedilink
          arrow-up
          1
          ·
          10 days ago

          I think maybe it’s the sysadmin skills it has makes it always want to do things itself. I use it as a tool to learn things myself so I’m always telling it to give me the cli I’ll put it in. Seems to remember for a bit then forgets.