seems OTT, maybe inspect the changes it’s going to make more often?

Agent? It makes them w/out notice, once it’s done, it’s done - or you must rollback.

You must be talking about Assistant.

Also, I always check all the code commits IF POSSIBLE. This is why I prefer assistant.

To this point - similar to Eric, I just say things like “Please make the code more efficient and refactor without losing any core functionality. Ensure that we’re operating coding best practices but make sure to test so that we have identical style and full functionality before making major changes.”

That combined with (A) rollbacks (B) a staging server that Agent developed so nothing ever breaks on Production and (C) a habit of incremental prompting such that no prompt becomes too complex and prone to error means that I rarely have major issues.

agreed, this has been a hair-on-fire problem for me. Would love if there was a way to mitigate this.

I asked my ai genetic code expert GEM the question. Here is the output. You’re facing a common challenge with AI agents in development environments like Replit: unpredictable code modifications. Here’s a breakdown of strategies to gain more control and mitigate unwanted changes:

1. Version Control is Your Best Friend:

• Git (Essential): Absolutely crucial. Commit frequently. Even small changes should be tracked. This allows you to revert to previous, working states easily. Replit integrates well with Git. Use it religiously.
• Branches (Recommended): Don’t work directly on your main branch. Create branches for new features, bug fixes, or agent experiments. This isolates changes and prevents them from impacting your stable code.

2. Sandboxing and Isolation:

• Separate Replit Projects: For major experiments or if you’re very concerned about the agent going rogue, create a separate Replit project specifically for agent interaction. This prevents it from accidentally modifying your primary codebase.
• Containers (Advanced, but Powerful): If Replit supports it (some plans do), or if you move to a more robust hosting environment, Docker containers are excellent for isolation. You can define the exact environment the agent operates in, limiting its access to specific files and directories.

3. Code Structure and Organization:

• Modular Design: Break your code into smaller, independent modules or functions. This makes it easier to understand what each part does and reduces the risk of unintended side effects from agent modifications.
• Clear Interfaces: Define clear interfaces (APIs) between modules. This provides a controlled way for the agent to interact with your code.
• Configuration Files: Store important parameters and settings in configuration files. This makes it easier to manage and modify settings without changing the core code.

4. Agent Interaction Control:

• Limited Permissions: If possible, configure your agent to have only the necessary permissions. Don’t give it full access to your entire codebase. Restrict its ability to write files or execute certain commands.
• Input Validation: Carefully validate any input the agent provides before using it. This prevents the agent from injecting malicious code or making unexpected changes.
• Monitoring and Logging: Implement thorough logging to track the agent’s actions. This helps you understand what the agent is doing and identify any problematic behavior.
• Human-in-the-Loop: Consider a human-in-the-loop approach. The agent proposes changes, but a human reviews and approves them before they are applied. This gives you ultimate control.
• Prompt Engineering: Experiment with different prompts to guide the agent’s behavior. Be very specific about what you want the agent to do and what you don’t want it to do. Reinforce good behavior with positive feedback.

5. Replit-Specific Tips:

• .replit file: Use the .replit configuration file to customize your Replit environment, including setting up run commands and specifying dependencies.
• Packager: If you’re using a language with a package manager (e.g., npm for Node.js, pip for Python), use it to manage your project’s dependencies. This helps ensure consistency and makes it easier to reproduce your environment.
  Example (Conceptual - Python):

main.py (Your core application)

def process_data(data):

… your core logic …

return result

def safe_apply_agent_modification(data, agent_code):
try:
# Validate agent_code (crucial!) - e.g., check for dangerous functions
# … validation logic …

# Execute agent_code in a sandboxed environment (if possible)
# ... sandboxing approach ...

modified_data = agent_code(data)  # Agent's code acts on the data
return process_data(modified_data) # Process with your core logic

except Exception as e:
print(f"Agent error: {e}")
return data # Return original data on error

agent_interaction.py (How you interact with the agent)

data = {“value”: 10}
agent_code = lambda x: {“value”: x[“value”] * 2} # Example agent code

result = safe_apply_agent_modification(data, agent_code)
print(result)

By combining these strategies, you’ll gain much more control over how your AI agent interacts with your Replit projects, reducing the risk of unwanted changes and making your development process more predictable. Remember to start with version control (Git) as your foundation.

I create an “instructions for agent.md” file in every project I create and keep a running list of Do’s & Don’ts for the agent, including what are “protected files & processes”. I then tell the agent every time to reference the .md file of instructions before beginning. In that file, I also tell it explicitly that it is in read-only mode until I give it explicit instructions to proceed.

What is your honest take on how well this is respected?

Oh, that’s handy! This setup would help create, for example, an admin dashboard and an app side by side, separating concerns and then use GitHub Actions and Bash to spin up, say Azure resources?

Depending on how complex rich your app
Is! I’ve been experimenting which might help: I’ve started creating a little .json “plan” for each feature before the agent starts work. It includes the expected files, components, or fields that should change. Then I run a small script that checks if only those things were touched, kind of like giving the agent a checklist and guardrails. Maybe this could help with your issues with naming commits correctly!? You can also run all this from Replits bash shell.