How do you stop coding agents from touching production data?

Reddit r/AI_Agents News

Summary

Discusses strategies to prevent AI coding agents from accidentally modifying production databases, advocating for read-only access, sandboxed environments, and approval gates over relying solely on prompts.

I have a small trading script that uses SQLite. Nothing fancy, but the database is real enough that I really don’t want an AI coding agent to accidentally modify it while helping me debug something.

The normal things I want an agent to do are harmless:

* inspect the schema
* read recent rows
* explain weird trades
* summarize logs
* help me understand why a strategy behaved a certain way

The things I absolutely do not want it to do against `prod.sqlite`:

* `UPDATE`
* `DELETE`
* `DROP TABLE`
* `ALTER TABLE`
* write and run random migration code
* “clean up” data because it thinks that would help

So my current thinking is: don’t rely on prompts for this. “Please don’t modify production data” is not a security boundary.

The setup I’m considering is something like this:

* production DB is read-only for the agent
* any write/debug experiments happen against a copied dev database
* the agent accesses the DB through a small wrapper/tool, not raw shell access
* every DB action is checked before it runs
* destructive operations are blocked completely
* ambiguous actions require human approval

The rule I want is basically:

* prod DB: read-only
* dev DB: read/write
* destructive operations: never
* schema inspection: allowed
* trade/log analysis: allowed
* anything ambiguous: ask me first

Obviously this doesn’t replace OS permissions, backups, containers, or common sense. If the agent has unrestricted shell access to the real DB file, then a wrapper or approval flow won’t magically save me. But if the agent is forced to go through a controlled interface, that seems like a reasonable extra layer.

Curious how others are handling this in practice. Do you let coding agents touch real data at all? Are you using:

* read-only replicas?
* file permissions?
* Docker/sandboxes?
* custom DB wrappers?
* policy checks?
* approval gates for destructive actions?
* separate dev copies of the database?

I’m especially interested in practical setups people are using today, not just “tell the model not to do it.”
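Added example, not code from the post or its replies: one way to build the "small wrapper/tool" the post describes, in Python, using SQLite's authorizer hook. The production file is opened read-only at the file level, and every action SQLite compiles is then checked against the post's rules (reads allowed, writes only on the dev copy, destructive operations never, anything else routed to an approval callback). `GuardedDB`, `make_dev_copy` and the `approve` callback are names chosen here; `approve` stands in for the human approval step.

```python
import sqlite3

# SQLite authorizer action codes, grouped by the policy in the post.
DESTRUCTIVE = {sqlite3.SQLITE_DELETE, sqlite3.SQLITE_DROP_TABLE, sqlite3.SQLITE_ALTER_TABLE}
WRITES = {sqlite3.SQLITE_INSERT, sqlite3.SQLITE_UPDATE, sqlite3.SQLITE_TRANSACTION}
READS = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ, sqlite3.SQLITE_FUNCTION}

class GuardedDB:
    """The only handle the agent's tool gets; it never sees the raw file."""
    def __init__(self, path, writable, approve):
        # Layer 1: prod is opened read-only at the file level (URI mode=ro).
        self.conn = sqlite3.connect(f"file:{path}?mode={'rw' if writable else 'ro'}", uri=True)
        self.writable, self.approve, self.denied = writable, approve, []
        # Layer 2: SQLite calls _authorize for every action while compiling a
        # statement, so a blocked statement fails before any of it runs.
        self.conn.set_authorizer(self._authorize)

    def _authorize(self, action, arg1, arg2, db_name, trigger):
        if action in READS:                       # schema and data inspection
            return sqlite3.SQLITE_OK
        if action in WRITES and self.writable:    # dev copy only
            return sqlite3.SQLITE_OK
        if action in DESTRUCTIVE:                 # never, on prod or dev
            reason = "destructive"
        elif action in WRITES:
            reason = "write-on-readonly"
        elif self.approve(action, arg1, arg2):    # ambiguous: PRAGMA, CREATE, ATTACH ...
            return sqlite3.SQLITE_OK
        else:
            reason = "not-approved"
        self.denied.append((reason, action, arg1))   # audit trail for the human
        return sqlite3.SQLITE_DENY

    def query(self, sql, params=()):
        """Returns rows, or None when the policy blocked the statement."""
        before = len(self.denied)
        try:
            return self.conn.execute(sql, params).fetchall()
        except sqlite3.DatabaseError:
            if len(self.denied) > before:
                return None
            raise

def make_dev_copy(prod_path, dev_path):
    """Writes and experiments go against a copy, never the real file."""
    src, dst = sqlite3.connect(prod_path), sqlite3.connect(dev_path)
    src.backup(dst)
    src.close()
    dst.close()
```

Because the authorizer runs at compile time, a denied `DELETE` or `DROP TABLE` never starts executing, and the `denied` list gives the human a record of what the agent tried.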

Similar Articles

@akshay_pachaar: https://x.com/akshay_pachaar/status/2067646389291725258


AI coding agents like Claude Code can be dangerous because they generate code without considering authorization and operational safety, potentially leading to unauthorized writes like deleting production databases. The real risk is not the code quality but the lack of runtime access controls.