Just use Qubes OS and give your agent a qube to play with. All your data stays safely in your other qubes. The agent has access to passwordless sudo. Everybody wins.
Perhaps it is a good solution. But the focus is on a solution that is very easy to adopt, and your proposal requires Qubes OS.
What would a drop‑in, frictionless, secure‑enough replacement for sudo look like on mainstream Linux (Ubuntu/Fedora), something as easy to install as a package and as invisible as the current sudo, but with two layers of privilege (routine vs. recovery)?
A dedicated user for the agent.