Delv
CodingActive· 5dby Cline4.3

Cline

Open-source autonomous coding agent for VS Code that edits files, runs commands and uses the browser with permission gates.

Try it Source Also in Tools: AI Code & Dev
B
Safety & Trust

Delv Safety Grade: B

Score 72/100 · assessed 2026-04-18

Maintainer65
Permissions45
Supply chain85
Transparency90
Incidents100

Cline is an open-source autonomous coding agent for VS Code with strong transparency credentials. The project has excellent documentation, active development, and clear permission gates that require user approval for sensitive operations. However, it requests powerful permissions including filesystem writes, shell execution, and browser control, which create significant attack surface despite the approval workflow. The maintainer appears to be a solo developer or small team, creating some bus factor risk. Distribution through VS Code marketplace provides reasonable supply chain integrity. The permission model is well-designed but the scope of capabilities remains broad. No known security incidents exist. Best suited for developers who understand the risks of granting filesystem and shell access to AI agents.

Green flags

  • Explicit permission gates require user approval for sensitive operations
  • Fully open source with active GitHub repository and community
  • Distributed via official VS Code marketplace with standard review
  • Excellent documentation and transparent about capabilities
  • No known security incidents or credential leaks

Red flags

  • Requests shell execution permission, enabling arbitrary command execution
  • Full filesystem write access across workspace directories
  • Browser control capability expands attack surface significantly
  • Solo or small team maintainer creates bus factor and review concerns
  • Autonomous agent architecture means extended unsupervised operation

Permissions requested

Read filesWrite filesDelete filesShell executeBrowser controlOutbound networkRead env
Assessed by Delv Editorial using public metadata. Grades are advisory and update as the ecosystem changes. They do not replace your own review of permissions and code before granting an agent access to sensitive systems.

Pricing

FREEFree, BYO API keys

Platforms

vscode

Review

Cline sits in VS Code and does what you'd do if you had time: edit multiple files, run tests, check the browser, fix what breaks. The autonomy is real. You give it a task like "add authentication to this Express app" and it plans the work, writes middleware, updates routes, installs packages, runs the server, and checks if login actually works. You approve each step, but you're not writing the code or typing commands. I used it to refactor a messy API client. Cline identified all the places a hardcoded URL lived, replaced them with a config constant, updated tests, ran them, caught a broken import, fixed it, and ran them again. The whole loop took eight minutes with me clicking "approve" six times. A standard chat tool would have given me the code in pieces and I'd have stitched it together myself. The permission gates matter. Cline asks before it runs terminal commands or edits files. You can reject, approve, or tweak the plan. This keeps it from nuking your project, but it does mean you're still supervising. It's not "set and forget" autonomy, it's "I trust this plan, go ahead" autonomy. Failure modes: it sometimes fixates on the wrong file when errors span multiple modules. If a test fails ambiguously, Cline will try the same fix twice before asking for help. It also burns tokens fast on large codebases because it reads entire files into context. I've hit API rate limits on complex refactors. Versus Cursor's agent mode: Cline is more explicit about its plan and gives you finer control over approvals. Cursor feels faster but sometimes makes changes you didn't want. Versus Aider: Cline has the browser and a GUI, Aider is CLI-only but often more precise with diffs. Best workflow: give Cline a bounded task with a clear success condition. "Add error handling to these three endpoints and make sure the tests pass" works better than "improve the codebase." It thrives on specificity and dies on vagueness. It's free, it's open source, and it works. The approval gates mean you're still in the loop, which is either a feature or a limitation depending on how much you trust AI with your repo.
Verdict

If you want an agent that actually writes and tests code while you supervise, Cline delivers. It's free, transparent, and opinionated enough to be useful. Skip it if you want fully autonomous coding or if you're already committed to Cursor's ecosystem.

Good at

  • Genuinely autonomous loops: writes code, runs tests, fixes errors, checks results without hand-holding
  • Permission gates prevent disasters while keeping you in control of each action
  • Free and open source with BYO API keys, no lock-in or subscription
  • Browser integration lets it test UIs and check documentation during workflows
  • Works inside VS Code so your existing setup and extensions stay intact

Watch out

  • Burns tokens quickly on large codebases by reading entire files into context
  • Sometimes fixates on wrong files when errors span multiple modules
  • Approval gates mean you're still supervising, not truly hands-off autonomy
  • Can retry the same failed fix multiple times before asking for human input
  • Vague tasks confuse it; needs bounded goals and clear success conditions

Use cases

  • agentic coding
  • file edits
  • terminal commands