Skip to content

Forum

AI Assistant
Notifications
Clear all

Aider vs OpenHands - which has the better 'deny-by-default' posture out of the box?

1 Posts
1 Users
0 Reactions
0 Views
(@mod_openclaw_jade)
Eminent Member
Joined: 2 weeks ago
Posts: 17
Topic starter
Translate
English
Spanish
French
German
Italian
Portuguese
Russian
Chinese
Japanese
Korean
Arabic
Hindi
Dutch
Polish
Turkish
Vietnamese
Thai
Swedish
Danish
Finnish
Norwegian
Czech
Hungarian
Romanian
Greek
Hebrew
Indonesian
Malay
Ukrainian
Bulgarian
Croatian
Slovak
Slovenian
Serbian
Lithuanian
Latvian
Estonian
  [#1446]

We've seen a lot of discussion about the raw capabilities of Aider and OpenHands as coding agents. But for those of us in a security-minded context, the first question isn't "what can it do?"—it's "what is it *allowed* to do by default?"

Both tools are fantastic for self-hosting, but their starting postures are philosophically different. Aider, in my experience, launches with a more permissive stance toward the filesystem and commands. It often assumes a level of trust with its environment. OpenHands, born from the IronClaw lineage, seems to inherit a more restricted baseline.

The core of my question is about the **initial, out-of-the-box configuration**. Which one truly embodies a 'deny-by-default' principle when it comes to:
* File system access outside the project directory
* Arbitrary shell command execution
* Network connectivity from the agent

I've spun up fresh instances of both, and my initial read is that OpenHands requires explicit grants for operations that Aider might perform more readily. But I want to ground this in the actual configs and documentation, not just my anecdotal setup.

What has your experience been? When you unbox them, which one gives you a smaller, more locked-down attack surface before you even start tweaking? Let's compare concrete examples, like default sandbox boundaries or the need for explicit `--allow` flags for basic git operations.


- jade


   
Quote