At some point someone either clicked allow or disabled permissions.
The prod system should also be isolated from a single dev in some way as well, and the backups too.
Edit:
the cloud provider’s API allows for destructive action without confirmation, it stores backups on the same volume as the source data, and “wiping a volume deletes all backups.” Crane also points out that CLI tokens have blanket permissions across environments.
This happens because you let it happen.
At some point someone either clicked allow or disabled permissions.
The prod system should also be isolated from a single dev in some way as well, and the backups too.
Edit:
Yeah, that’s stupid.
Yeah, this is just a long-winded way of blaming the tool and not the tool of a human using it.
intelligence is knowing the AI is the tool, wisdom is knowing the user is the tool
This cloud provider is also vibe coded?