Ramblings of an aging IT geek

a language model in my terminal, and the days it turned on me

Wiring an LLM into my shell to turn plain English into commands was genuinely useful until the times it confidently suggested something destructive.


I gave in and wired a language model into my shell. Type a comment in plain English, hit a key, get a command suggested back. Most days it's a small, genuine quality-of-life win. A few days it has tried to delete things it had no business going near, and those days are the reason I'm writing this instead of just recommending it.

The setup is a thin wrapper. A function pipes my prompt and a bit of context (current directory, OS, recent commands) to the model and prints the suggested command on the next line. Crucially it prints, it doesn't run. I read it, then press enter myself. That single decision is the only thing standing between "handy" and "career-limiting", and I'll come back to why.


For the boring stuff it's brilliant. I can never remember the exact find incantation to delete files older than thirty days, or the tar flags, or the ffmpeg line to re-encode a video down a notch. Asking in English and getting a runnable command back, that I then sanity-check, saves me a tab-out to a search engine and a scroll through a forum thread from 2014. The model is good at the long-tail syntax that I use rarely enough to forget but often enough to need.

Now the times it bit me. I asked it to "clean up the old build artifacts in here" while sitting, I'd forgotten, one directory too high. It cheerfully produced an rm -rf rooted at a path that would have taken half my project with it. It wasn't wrong about the artifacts. It was wrong about where I was, because it can't actually see my filesystem, only the few lines of context I feed it. Another time it suggested a git command that would have force-pushed over a colleague's branch, phrased with total confidence, because I'd asked vaguely and it filled the gap with the most common answer rather than the safe one.

The pattern is consistent. It fails most dangerously when the request is ambiguous and the stakes are high, which is exactly when a human would stop and ask "wait, which directory?". The model never asks. It commits.

So the rules I've settled on. Suggest, never auto-run. Read every command before it executes, especially the short confident ones, because rm, dd and git push --force are all short and confident. And treat anything touching paths, deletion or remote state as a manual review, not a convenience. Inside those guardrails it's a keeper. Outside them it's a very fast way to do exactly the wrong thing, beautifully.
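
One way to back those rules with a check in the wrapper itself, as an added example that is not the wrapper described in this post: it labels a suggested command as needing manual review when it touches deletion, raw writes or remote state, prints the resolved working directory next to it, and never runs anything. The function names and the pattern list are assumptions made for illustration; the list is not a complete denylist.

```bash
#!/usr/bin/env bash
# Added example: label a model-suggested command before a human decides
# whether to run it. Nothing in this file executes the suggestion.

# classify_suggestion CMD -> prints "ok" or "review:<reason>".
# The pattern list is an assumption for illustration, not a complete denylist.
classify_suggestion() {
    # Turn shell separators into spaces and squeeze whitespace, so that
    # "cd ..;rm -rf x" and "rm   -rf x" both expose " rm " as its own word.
    case " $(printf '%s' "$1" | tr ';|&()' '     ' | tr -s '[:space:]' ' ') " in
        *" rm "*|*" rmdir "*|*" shred "*|*" find"*" -delete"*)
            echo "review:deletion" ;;
        *" git reset --hard"*|*" git clean"*)
            echo "review:deletion" ;;
        *" dd "*|*" mkfs"*|*" truncate "*)
            echo "review:raw-write" ;;
        *" git push"*" --force"*|*" git push"*" -f "*|*" git push"*" +"*)
            echo "review:remote-state" ;;
        *)
            echo "ok" ;;
    esac
}

# present_suggestion CMD: print the resolved working directory (the thing the
# model cannot see), the command, and the verdict. Returns 0 only for "ok".
present_suggestion() {
    printf 'cwd:     %s\n' "$(pwd -P)"
    printf 'command: %s\n' "$1"
    printf 'verdict: %s\n' "$(classify_suggestion "$1")"
    [ "$(classify_suggestion "$1")" = "ok" ]
}

# Constructed samples, not real model output.
for s in 'rm -rf ./build' 'git push origin main --force' 'tar -czf out.tgz src'; do
    printf '%-32s %s\n' "$s" "$(classify_suggestion "$s")"
done
```

A non-zero return from `present_suggestion` is the hook for making the wrapper demand something slower than a bare enter, such as retyping the directory name.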