the downloads folder problem with hosted agents isn't a permission toggle, it's a machine boundary

Reddit r/AI_Agents Tools

Summary

The article explains that hosted AI agents cannot access local files like the Downloads folder due to running in ephemeral remote containers, not permission settings. It contrasts two solutions: a local MCP server or a desktop process that holds OAuth tokens and file handles locally.

Spent a chunk of last week trying to get a hosted agent to look at a contract sitting in my Downloads folder, a thread in Slack, and a doc in Drive inside one task. It kept saying it has no access to my computer, and I read that as a setting I hadn't flipped yet. it isn't a setting. Hosted agents execute their tool calls inside an ephemeral container on someone else's machine. Your disk was never mounted into it, so there's no permission that grants access, the filesystem it can see is simply a different filesystem. Uploading the file gets you a copy, and then the agent is reasoning about a snapshot while the real one keeps moving. That leaves two shapes that actually close the gap. A local MCP server the cloud client calls into, or a desktop process that holds your OAuth tokens and your local file handles in the same address space. I ended up on the second one (Runner, on mac), partly because the MCP route still leaves the client deciding what gets piped up, and partly because I wanted the approval gate sitting on the writes, not on the reads. Most of the discussion in here is about the model and the orchestration layer. The thing that actually decided it for me was dumber than either: where the process runs, and therefore what it can even see. written with ai
Original Article

Similar Articles

Running my agents in a VPS

Lobsters Hottest

The author outlines a method for running AI coding agents on an isolated VPS to enable autonomous, asynchronous work without compromising their local machine's security.