Comment by nopurpose

8 hours ago

I agree that sandboxing the whole agent is inadequate: I am fine sharing my GitHub creds with the gh CLI, but not with npm. More granular sandboxing and permissions is what I'd like to see, and this project seems interesting enough to have a closer look.

I am not interested in the "claw" workflow, but if I can use it for a safer "code" environment it is a win for me.

When the agent uses your GH credentials to nuke all your projects or put out a lot of crap, this separation will not save you.

  • Whitelisting `gh` args should solve it. Even opencode's primitive permission system allows that.