Hacker News

I hope they don't store any user data in their app. Trusting LLMs blindly is a bad idea.




There is a human being (GP) reviewing the proposed code before merging. I wouldn't describe that as trusting the LLM blindly.

No, there is not.

Yes, there is. From the OP:

"Only if they're happy with the changes, I step in to review the code and press merge."


So presumably it spins up a review app from the PR for the customer to review, really smart actually.

Ok, thanks, I misunderstood that.

Jules has access to the codebase, not the database. It doesn't see any user data.

I was talking about potential security problems introduced in the code by LLMs.

It's pretty easy to introduce something like IDOR when asking LLMs to write the code.


I review the PRs Jules makes just like I review any PR.

This is the original poster, you downvoters. I think we can assume he knows what he gave access to.


