A lot of people have secrets/config files in the projects working directory but ignored by git i.e. `.env.local`
So they're following best practice, not committing secrets but agents running locally can still see them even if sandboxing to the working directory.
I've taken to storing configs using XDG_CONFIG_HOME and have the app auto resolve them by convention or take a cli arg to specify the config path. All secrets are in files, not env vars.
That way when using sandboxing the agent can never see the configs or secrets as outside the working directory.
Sounds like a good way to do it.
Makes me think of docker secret where the secrets are exposed as files and accessable only from inside the container.
If the development environment uses docker then thats a solution too I guess
If you let your agent use docker you've basically given it root on your machine.
I use podman btw
Its aliased to docker
Building a project as a container and giving an agent access to running docker commands are different things.