Hello, thank you for your input. I appreciate you taking the time to detail your thoughtful response.
I however politely disagree with your suggestion however. I would argue that this current situation is either cursor has the ability to delete files at any scope within the users permissions or you cannot use agent mode at all. I think everyone likely agrees that having cursor run in a loop where it can run code, and then respond to errors messages until it fixes a bug is extremely useful. Otherwise the user has to manually run such commands themselves each time. If the agent has the ability to, and my example shows the inclination, to delete files anywhere on the developers machine outside the project scope then that represents a significant downside.
Potentially you could only whitelist the docker command and have everything be inside a container, but even that is not really close to being safe if the LLM has the mind to mount other locations.
Does that help to clarify the point I’m trying to make? We need and cursor feature where the LLM just cannot and is not able to access data and directories outside the project scope. E.g. on-the-fly terminal profile with permissions to the current project etc.