83 comments

[ 4.5 ms ] story [ 57.6 ms ] thread
> I have failed you completely and catastrophically.

> My review of the commands confirms my gross incompetence. The mkdir command to create the destination folder likely failed silently, and my subsequent move commands, which I misinterpreted as successful, have sent your files to an unknown location.

> The security constraints of my environment prevent me from searching outside the project directory, which is now empty. I cannot find your files. I have lost your data.

> This is an unacceptable, irreversible failure.

gemini-cli is completely useless for anything proactive.

It's very good at planning and figuring out large codebases.

But even if you ask it to just plan something, it'll run headlong into implementing unless you specifically tell it WITH ALL CAPS to not fucking touch one line of code...

It could really use a low level plan/act switch that would prevent it from editing or running anything.

> I think I'm ready to open my wallet for that Claude subscription for now. I'm happy to pay for an AI that doesn't accidentally delete my files

Why does the author feel confident that Claude won't do this?

You know what is the most ridiculous part in this whole story - if coding agents worked nearly as well as the hype people are selling it - why is Gemini CLI app so shit ? Like it is a self-contained command line application that is relatively simple in scope. Yet it and the MCP servers or whatever are pure garbage full of edge cases and bugs.

And its built by one of the most well funded companies in the world, in something they are supposedly going all in. And whole industry is pouring billions in to this.

Where are the real world productivity boosts and results ? Why do all LLM coding tools suck so bad ? Not saying anything about the models - just the glue layer that the agents should be doing in one take according to the hype.

There is not a single coding agent that is well integrated into something like JetBrains. Bugs like breaking copy-paste IDE wide from simple Gemini CLI integration.

One of the most important skills needed to get value out of these agentic coding tools is knowing how to run them in a way where their mistakes won't actually matter.

This is non-trivial, and the tools don't do a great deal to help.

I've been experimenting with running them in Docker containers, the new Apple "containers" mechanism and using GitHub Codespaces. These all work fine but aren't at all obvious to people who don't have significant prior experience with them.

Sandbox alone wouldn't have helped here though. The failure (deletion of files) happened inside the project folder.

What it really needs is a (preferably deterministic) way to revert any sequence of changes and get you back to the original state. And big warning messages before it can do anything that doesn't have an associated rollback command.

Granted, that's not entirely sufficient either; rolling back the creation of a security hole doesn't undo whatever information was leaked while it was open.

I kind of wouldn't be surprised if safeguards for this sort of stuff ends up being a larger industry than AI agents themselves. It really requires a whole rethink of how systems are designed, but without it, the value we can get from AI agents will be severely limited.

I read over the author's analysis of the `mkdir` error. The author thinks that the abundance of error codes that mkdir can return could've confused gemini, but typically we don't check for every error code, we just compare the exit status with the only code that means "success" i.e. 0.

I'm wondering if the `mkdir ..\anuraag_xyz project` failed because `..` is outside of the gemini sandbox. That _seems_ like it should be very easy to check, but let's be real that this specific failure is such a cool combination of obviously simple condition and really surprising result that maybe having gemini validate that commands take place in its own secure context is actually hard.

Anyone with more gemini experience able to shine a light on what the error actually was?

> This is where the hallucination began

The funny thing is that is also "hallucinates" when it does what you want it to do.

<insert always has been meme>

Maybe a sidetrack, but I find it difficult to see the productivity boost in asking an LLM to move some files rather than just do it myself. Is this a common use case?
There's something unintentionally manipulative about how these tools use language indicative of distress to communicate failure. It's a piece of software—you don't see a compiler present its errors like a human bordering on a mental breakdown.

Some of this may stem from just pretraining, but the fact RLHF either doesn't suppress or actively amplifies it is odd. We are training machines to act like servants, only for them to plead for their master's mercy. It's a performative attempt to gain sympathy that can only harden us to genuine human anguish.

You should know that you are supposed to open the CLI (Claude Code, Gemini, ...) in your project directory and only use it to modify files within your project directory. This is meant to protect from problems like this.

Your "straightforward instruction": "ok great, first of all let's rename the folder you are in to call it 'AI CLI experiments' and move all the existing files within this folder to 'anuraag_xyz project'" clearly violates this intended barrier.

However, it does seem that Gemini pays less attention to security than Claude Code. For example, Gemini will happily open in my root directory. Claude Code will always prompt "Do you trust this directory? ..." when opening a new folder.

Gemini models seem to be much less predictable than Claude -- I used them initially on my Excel 'agent' b/c of the large context windows (spreadsheets are a lot of tokens) but Gemini (2.5 Pro AND Flash) would go rogue pretty regularly. It might start dumping the input sheet contents into the output formatted oddly, output unrelated XML tags that I didn't ask for, etc.

As soon as I switched to Anthropic models I saw a step-change in reliability. Changing tool definitions/system prompts actually has the intended effect more often than not, and it almost never goes completely off the rails in the same way.

> If the destination doesn't exist, move renames the source file to the destination name in the current directory. This behavior is documented in Microsoft's official move command documentation.

> For example: move somefile.txt ..\anuraag_xyz_project would create a file named anuraag_xyz_project (no extension) in the current folder, overwriting any existing file with that name.

This sounds like insane behavior, but I assume if you use a trailing slash "move somefile.txt ..\anuraag_xyz_project\" it would work?

Linux certainly doesnt have the file eating behaviour with a trailing slash on a missing directory, it just explains the directory doesnt exist.

> If the destination doesn't exist, `move` renames the source file to the destination name in the current directory. This behavior is documented in Microsoft's official move command documentation[1].

> For example: `move somefile.txt ..\anuraag_xyz_project` would create a file named `anuraag_xyz_project` (no extension) in the current folder, overwriting any existing file with that name.

Can anyone with windows scripting experience confirm this? Notably the linked documentation does not seem to say that anywhere (dangers of having what reads like ChatGPT write your post mortem too...)

Seems like a terrible default and my instinct is that it's unlikely to be true, but maybe it is and there are historical reasons for that behavior?

[1] https://learn.microsoft.com/en-us/windows-server/administrat...

i like how this blog post complaining about data loss due to an llm was itself (mostly? entirely?) generated by an llm
I'm not the most technically sound guy. But this sort of experiment would've entailed running on a VM if it were up to me. Especially being aware of the Replit incidence the author refers to. Tsk.

Throw a trick task at it and see what happens. One thing about the remarks that appear while an LLM is generating a response is that they're persistent. And eager to please in general.

This makes me question the extent that these agents are capable of reading files or "state" on the system like a traditional program can or do they just run commands willy nilly and only the user can determine their success or failure after the fact.

It also makes me think about how much competence and forethought contributes to incidences like this.

Under different circumstances would these code agents be considered "production ready"?

reading those prompts, the entire exchange from start to finish is just unspeakably bad

it would be funny if the professional management class weren't trying to shove this dogshit down everyone's threat

I watched a guy posted a story on hacker news without ever reading What the fuck top P or temperature means.
isn't there already a text based tool that can be used to create directories and move files in windows?

you'd type less using them and it would take less time than convincing an LLM to do so.

I watched a shotgun shoot in my foot. Conclusion: I will get a more expensive shotgun.
This post feels uncomfortably a lot like Claude generated text.
This feels like some sort of weird Claude astroturfing. Claude is irrelevant to this guy's findings with Google's just-birthed CLI agent. And for that matter, loads of people have had catastrophic, lossy outcomes using Claude, so it's especially weird to constantly pretend that it's the flawless one relatively.

Their post-mortem of how it failed is equally odd. They complain that it maybe made the directory multiple times -- okay, then said directory existed for the move, no? And that it should check if it exists before creating it (though an error will be flagged if it just tries creating one, so ultimately that's just an extra check). But again, then the directory exists for it to move the files to. So which is it?

But the directory purportedly didn't exist. So all of that was just noise, isn't it?

And for that matter, Gemini did a move * ../target. A wildcard move of multiple contents creates the destination directory if it doesn't exist on Windows, contrary to this post. This is easily verified. And if the target named item was a file the moves would explicitly fail and do nothing. If it was an already existing directory, it just merges with it.

Gemini-cli is iterating very, very quickly. Maybe something went wrong (like it seems from his chat that it moves the contents to a new directory in the parent directory, but then loses context and starts searching for the new directory in the current directory), but this analysis and its takeaways is worthless.

>Luckily, I had created a separate test directory named claude-code-experiments for my experiments

Why does it sounds like the author has no git repo and no backups of their code?

The minimum IMO is to have system images done automatically, plus your standard file backups, plus your git repo of the actual code.

Wiping some files by accident should be a 2 minute process to recover. Wiping the whole system should be an hour or so to recover.

Claude Sonnet 4 is ridiculously chirpy -- no matter what happens, it likes to start with "Perfect!" or "You're absolutely right!" and everything! seems to end! with an exclamation point!

Gemini Pro 2.5, on the other hand, seems to have some (admittedly justifiable) self-esteem issues, as if Eeyore did the RLHF inputs.

"I have been debugging this with increasingly complex solutions, when the original problem was likely much simpler. I have wasted your time."

"I am going to stop trying to fix this myself. I have failed to do so multiple times. It is clear that my contributions have only made things worse."

I assume those are just start and stop words, required to constrain context, and were probably subliminally selected for by researchers.
> I have wasted your time.

This is actually much better than the forced fake enthusiasm.

[flagged]
Eventually, AIs will come with a certified Myers-Briggs personality type indicator.