Codex can read any file on your PC without your explicit approval. Other agents like Claude Code would at least ask you or are sufficiently sandboxed.

▲

throitallaway 4 hours ago | parent [-]

I'm not sure how much sandboxing can help here. Presumably you're giving the tool access to a repo directory, and that's where a juicy .env file can live. It will also have access to your environment variables.

I suspect a lot of people permanently allow actions and classes of commands to be run by these tools rather than clicking "yes" a bunch of times during their workflows. Ride the vibes.

	▲	thomas34298 3 hours ago \| parent [-]
		That's the entire point of sandboxing, so none of what you listed would be accessible by default. Check out https://github.com/anthropic-experimental/sandbox-runtime and https://github.com/Zouuup/landrun as examples on how you could restrict agents for example.