The Blackwall Between Your AI Agent and Your Filesystem

Source: dev.to

Every AI coding agent you run has the same permissions you do. Claude Code, Cursor, Codex, Aider. They can read your SSH keys, write to your shell config, and run any command your user account can. We accept this because the alternative is setting up Docker containers and dealing with volume mounts and broken toolchains every time we want an agent to help with a project. That trade-off has always felt wrong to me. Not because I think my AI agent is malicious, but because I know it executes code
