
Comment by hdjrudni

1 day ago

> While it is cautious in accessing sensitive files, there’s no enforcement.

I don't understand why this isn't a day 0 feature. Like... what? I was hacking together my own CLI coding agent and... like just don't give it shell access for starters. It needs like 4 tools: read file, list files, patch file, search. Just write those yourself. Don't hand it off to bash. Want to read a sensitive file? Access denied. Want to list files but some of them might be secret env files? Don't even list them so the LLM doesn't even know they exist. Want to search the whole codebase? Fine, but automatically skip over sensitive files.

Why is this hard? I don't get it.

Is it the definition of "sensitive file"? Just let the user choose. Maybe provide a default list of globs to ignore but let the SWEs extend it with their own denylist.

The problem is that coding agents with Bash are massively more useful than coding agents without Bash, because they can execute the code they are writing to see if it works.

But the moment you let an agent run arbitrary code to test it out, that agent can write code to do anything it likes, including reading files.
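The tool-level enforcement proposed in the first comment, sketched as an added example that is not part of the thread or of any existing agent: read, list and search tools share one path check, and a patch tool would go through the same check. The class name `FileTools`, the helper `demo_tools` and the default glob list are assumptions made for illustration.

```python
import fnmatch
import tempfile
from pathlib import Path

# Assumed default globs; the comment suggests a default list that users extend.
DEFAULT_DENY = [".env", ".env.*", "*.pem", "*.key", "id_rsa*", ".ssh", ".aws"]


class FileTools:
    def __init__(self, root, extra_deny=()):
        self.root = Path(root).resolve()
        self.deny = [*DEFAULT_DENY, *extra_deny]

    def _check(self, rel):
        """Resolved path, or None if it leaves the workspace or is denylisted."""
        p = (self.root / rel).resolve()
        if p != self.root and self.root not in p.parents:
            return None  # "..", absolute path or symlink pointing outside
        parts = p.relative_to(self.root).parts
        denied = any(fnmatch.fnmatch(x, g) for x in parts for g in self.deny)
        return None if denied else p

    def _require(self, rel):
        p = self._check(rel)
        if p is None:
            raise PermissionError("access denied")
        return p

    def read_file(self, rel):
        return self._require(rel).read_text()

    def list_files(self, rel="."):
        # Denied entries are omitted, so the model never learns they exist.
        return sorted(c.name for c in self._require(rel).iterdir() if self._check(c))

    def search(self, needle):
        hits = set()
        for c in self.root.rglob("*"):
            p = self._check(c)
            if p and p.is_file() and needle in p.read_text(errors="ignore"):
                hits.add(p.relative_to(self.root).as_posix())
        return sorted(hits)


def demo_tools():
    root = Path(tempfile.mkdtemp())  # constructed workspace with one secret file
    (root / "app.py").write_text("API_KEY = load()\n")
    (root / ".env").write_text("API_KEY=constructed-secret\n")
    return FileTools(root)
```

The check binds only calls routed through these tools; as the reply points out, an agent that can also execute arbitrary code is not constrained by it.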