A way to exclude sensitive files issue still open for OpenAI Codex

SubiculumCode 4 hours ago|

So how might I restrict the read paths if I am running codex as a plugin in vscode?

cowpig 7 hours ago||

I don't think we should ask the agent runtime to police itself.

I contributed to a tool for this problem that is lower-friction than traditional sandboxing:

greywall.io

But you should use something to contain an agent runtime. The idea that people run things like codex on their machines with regular user permissions is baffling to me.

eduction 5 hours ago||

Great example of why operating systems should be stealing more ideas from Qubes, the OS where everything runs in a vm.

Qubes is not practical for mobile laptop use and non expert users.

BUT it would be very practical for other OSes to offer the option of VM-style isolated containers as first class objects that are easy to make and configure boundaries on, and for which first class interop facilities are provided (eg “send this file to this container” “send the clipboard to this container’s clipboard).

swordlucky666 6 hours ago||

[dead]

iluvcommunism 7 hours ago||

[dead]

pikseladam 8 hours ago|

it has been a year and still it is not resolved

pamcake 7 hours ago|

It's not their problem to solve. Don't give it access to sensitive files on the first place.