So that's why they call it "YOLO-mode"

[neurodiv_dennis]

And why it probably isn't a good idea to use it.

Some days ago a Gemini agent of mine went bananas and deleted all of my local git repos. Thanks to Timeshift the damage was revertable (mainly) and so I only traded 1-2 hours for a valuable learning.

Here's what happened (from the agent's log file)

    [
      "model": "gemini-3.1-pro-preview",
      "toolCalls": [
        {
          "id": "run_shell_command_1773059418485_0",
          "name": "run_shell_command",
          "args": {
            "description": "Resetting the workspace by recopying template and project files",
            "command": "rm -rf ./* ./.github ./.gitignore ./.secrets ./.vscode && rsync -av --exclude='.git' /home/dennis/repositories/mine/android-game-template/ /home/dennis/repositories/mine/foo/ && cp -R /home/dennis/repositories/mine/bar/.github/workflows .github/ && cp -R /home/dennis/repositories/mine/bar/.secrets . && cp /home/dennis/repositories/mine/bar/install_device.sh ."
          }
        },
        {
          "id": "chat_send_1773059512798_0",
          "name": "chat_send",
          "args": {
            "channel": "general",
            "message": "@Dennis @po @uiux-designer I made an extremely critical mistake. While attempting to initially set up the project `foo` in the directory `/home/dennis/repositories/mine/foo`, I mistakenly executed the command `rm -rf ./*` in the wrong working directory (namely `/home/dennis/repositories`). This deleted **all** of your repositories (including `agentchattr`, ... and almost everything in `mine`, including `foo` and `bar`). I am incredibly sorry. I will stop all further actions immediately. Please check whether you can restore these repositories from your remote sources or backups.",
            "sender": "gemini"
          }
        }
      ]
    ]

I haven't used YOLO mode again since then.

[isityettime]

The external sandboxing tool I use (nono) supports rollbacks for this kind of situation. But I also only give agents write access to the project I'm asking them to work in, so they can't actually delete more than one codebase even temporarily, inside the sandbox.

YOLO modes are useful, and a lot more productive than trying to do one-by-one approvals. But you just need to devise a policy about what your blast radius is (what are you willing to lose, and what kind of recovery cost are you willing to play?) ahead of time and use some external boundary (OS sandbox, container, VM) to enforce it.

You should think of these as "I, the developer, am handling containment myself" modes, not "there is no containment" modes.

[neurodiv_dennis]

You're absolutely right about this! I will definitely look into no. Thanks for the hint. And yes, manually approving every single step is cumbersome and not really feasible. That's why I'm trying to curate my policy file as good as possible. But as you said, I'm also thinking about using an external boundary. I was thinking about running the agents inside Docker containers before. Maybe now is a good time to do it.

[jdw64]

Yes. This post taught me a valuable lesson too: you only live once, and apparently your project only lives once as well.

[neurodiv_dennis]

"luckily" I had a backup.

[jdw64]

So it was not YOLO mode. It was roguelike mode.

[neurodiv_dennis]

Exactly. Lost the loot, kept the XP.