> Hopefully they never actually implement this pointless feature because it will only give people a false sense of security given the unpredictable nature of LLMs. How could something like this even be enforced?

You run everything the model wants to do inside an OS-enforced sandbox of the sort browsers have used for decades to isolate tabs. It's already implemented and works fine. Codex just needs a few minor tweaks to make it apply its already-implemented sandboxing policy to a few situations it misses today.

> People just need to learn how to use the tools their system already provides them. i.e., chmod

I'm not running my agent as a separate POSIX user. Fortunately, my OS provides all the tools I need to free my having to do so.

I love when I do something in a few hours and people later call it impossible.

The whole point of using an agent is that I don't want to learn everything. I fully expected the harness to read the .agentignore file and do what is needed to hide it from the LLM.

But apparently, even if implemented, that's not how it works!