Comment by 8cvor6j844qw_d6
19 hours ago
Interesting, thanks. I use remote ephemeral dev containers with isolated envs, so filesystem damage isn't really a concern as long as the PR looks good in review. Nice extra guardrail though, will add it to the project-level settings.
i use local dev containers: the worst an agent can do is delete its working copy; no access to my home directory, access tokens or sudo.