[Yoric]

Anecdotally, a few weeks into a Rust agent-first project, we're still trying to get the agent to maintain a minimum of coding discipline (e.g. don't use sync Mutex in tokio code). So far, the agent seems more interested in deactivating the linters than in complying.

Security? At this stage, I'm a bit afraid that it's a joke more than anything else.

[cadamsdotcom]

That should be solvable by denying permission to edit the lint files with a message saying lint files cannot be edited and not to use workarounds (sed, scripting etc)

You could also use hooks to block running of scripts for some number of turns after an attempt to cheat.

[Yoric]

The agent can disable the lints inline, so that's not sufficient.

Also, I haven't found a cross-platform + cross-agent mechanism to set permissions. Much less one that works.

Right now, I'm working on a hook that checks for changes in source files, but the plug-in system (at least of opencode) seems quite buggy.