▲ 2 r/cursor

Remote MCP is convenient, but where do you draw the permission line

MCP makes coding agents much more useful, but it also makes me pause before connecting anything with real write access.

Read-only tools feel easy to justify. Let the agent search docs, inspect issues, query logs, maybe read database schema. That saves time and the blast radius is limited. But the moment a tool can mutate something, I get much more careful. Send email. Edit production data. Change DNS. Close GitHub issues. Touch billing. Modify local network config. Those are not “just coding” anymore.

GitHub was the clearest example for me: letting the agent read issues, PR diffs, and CI logs felt obviously worth it, but I still won't give it merge, push, or close-issue powers without me re-reading the diff line by line.

I know approval prompts help, but I’m not fully relaxed about them. If the agent is in a long task and I’m tired, I can still approve a command too quickly. And for remote MCP, I also have to trust the server, the permissions, the logs, and my own memory of what I connected last week.

How are people drawing the line here? Do you make MCP tools read-only by default? Which actions require human approval every time? Are there tools you simply refuse to expose to agents? And for solo projects, do you use separate tokens with tiny permissions, or is that too much overhead?

Maybe I’m too cautious, but I would rather have a slightly slower agent than one that can quietly change the wrong thing.

reddit.com
u/BitByLiu — 1 day ago

I learned Roman laundries used urine, and now I have questions

I learned that ancient Roman laundries used urine to clean clothes.

Apparently the ammonia helped remove grease and stains, so fullers would collect urine and use it in the cleaning process.

Which makes sense chemically.

But I can’t stop thinking about the logistics.

Somewhere in Rome, there was basically a supply chain where public toilets helped keep people’s clothes clean.

Imagine dropping off your toga and asking:

“Is this the regular wash?”

“No, sir. Premium urine treatment. Very fresh batch.”

I know it worked, but this is one of those historical facts that makes modern laundry detergent feel like a miracle.

reddit.com
u/BitByLiu — 5 days ago

I learned that old rat catchers sometimes brought more rats to solve a rat problem

I learned that old city rat catchers sometimes carried live rats with them to use as bait.

I understand the logic.

But there is something very funny about hiring a man to solve your rat problem and he shows up with more rats.

“Don’t worry, these are professional rats.”

It feels like calling tech support and the guy arrives with three extra errors just to demonstrate the workflow.

reddit.com
u/BitByLiu — 5 days ago

I learned that old rat catchers sometimes brought more rats to solve a rat problem

I learned that old city rat catchers sometimes carried live rats with them to use as bait.

I understand the logic.

But there is something very funny about hiring a man to solve your rat problem and he shows up with more rats.

“Don’t worry, these are professional rats.”

It feels like calling tech support and the guy arrives with three extra errors just to demonstrate the workflow.

reddit.com
u/BitByLiu — 5 days ago

Do you use Codex as a reviewer after Claude Code writes the code?

For almost a year now, I’ve been using this workflow: let Claude Code write the first pass, then ask Codex to review the diff like a second reviewer.

Not because I think Codex is “better” than Claude Code. More like they fail in different ways. Claude Code is often good at moving fast across files. Codex, at least in my setup, feels more useful when I ask it to be annoying: check edge cases, missing tests, security-ish mistakes, and whether the patch actually matches the request.

Once, after Claude Code updated a pagination endpoint, Codex flagged that page=0 or an empty limit would throw a 500 — while the original implementation only had tests for normal page numbers.

The part I’m unsure about: maybe this is just making me feel safer while spending more tokens. It also adds another layer to review, and sometimes two agents disagree in a very unhelpful way.

Curious how other people handle this:

Do you use one AI coding tool to review another tool’s output?

I'm not trying to rank these tools. I'm more interested in whether "agent writes + different agent reviews" is becoming a normal pattern.

reddit.com
u/BitByLiu — 10 days ago

For AI coding agents, review feels more expensive than generation now

One time I ran Claude in a loop for four or five hours to build a program, then had Codex and Cursor review the code. Each pass surfaced different issues, but the codebase was so large that I could only trust what they flagged.

I've been using coding agents more seriously in my own projects recently, and the part that feels expensive is not the generation anymore. It is the review.

A patch can appear in 2 minutes. But then I still need to check the diff, run tests, read logs, and ask myself whether the change is only "passing" or actually going in the right direction. Maybe this is just my setup, but I trust an agent-written change much more when it comes with some evidence: what command it ran, what failed before, what passed after, and what files it intentionally did not touch.

One time I ran Claude in a loop for four or five hours to build a program, then had Codex and Cursor review the code. Each pass surfaced different issues, but the codebase was so large that I could only trust what they flagged.

I'm not trying to say AI coding is bad. It is useful. But it changed my review work from "read every line slowly" to "ask for proof and inspect the risky parts."

Curious how other people handle this:

Do you ask your coding agent to include test output in every PR?

Do you use another model/tool to review the first model's code?

If tests pass but the design feels wrong, do you count that as agent success?

What evidence makes you trust an AI-written patch?

reddit.com
u/BitByLiu — 11 days ago
▲ 8 r/aww

When will this shift end?!" - This temple cat is done with high-fives 🙄

u/BitByLiu — 12 days ago
▲ 3 r/codex

Am I overdoing my AGENTS.md file?

I’ve been messing around with repo-level instruction files for coding agents lately.

Things like:

They help, for sure. Once I write down how to run the project, what test command to use, which package manager we use, and which files should never be touched, the agent makes fewer obvious mistakes.

But there’s a downside.

Every time it does something stupid, I end up adding another rule.

“Don’t edit generated files.”
“Don’t change this config.”
“Don’t use that command.”
“Run this test before touching that folder.”

After a while, the file starts to feel less like project context and more like a long list of warnings for a very forgetful intern.

I’m starting to think the best version is probably pretty small:

  • how to run the project
  • how to test changes
  • where the important code is
  • a few things the agent should never do

Everything else might just be me patching over one bad experience at a time.

How are other people handling this?

Do you keep one shared instruction file for everything, or separate files for Claude Code, Codex, Cursor, etc.?

And have you noticed a point where adding more instructions actually makes the agent less reliable?

u/BitByLiu — 12 days ago