Now Is the Perfect Time to Change Sudo
The sore pain is here, LLM agents, NPM ecosystem. The timing looks perfect. There are mature solutions like Chromebooks. Some ideas: two computers in one; or two sudo levels, the higher just for system recovery and diagnosis.
The problem is not so much technical as of providing an easy path to adoption. Just use qube OS and give your agent a qube to play with. All your data stays safely in your other qubes the agent has access to passwordless sudo. Everybody wins. Perhaps is a good solution. But the focus is in a solution very easy to adopt and your proposal requires the qube OS.
What would a drop‑in, frictionless, secure‑enough replacement for sudo look like on mainstream Linux (Ubuntu/Fedora), something as easy to install as a package and as invisible as the current sudo, but with two layers of privilege (routine vs. recovery)? A dedicated user for the agent.