Can you do so with SQLite? Doesn’t seem possible. Agent is capable of writing code so is capable of interacting with file. Cannot remove write from agent because needs to put message.
Realistically, once you are using agent team you cannot have human in the loop so you must accept stochastic control of process not deterministic. It’s like earthquake or wind engineering for building. You cannot guarantee that building is immune to all - but you operate within area where benefit greater than risk.
Even if you use user access control on message etc. agent can miscommunicate and mislead other agent. Burn tokens for no outcome. We have to yoke the beast and move it forward but sometimes it pulls cart sideways.
Your agent harness shouldn't place that file anywhere that code executed by the agent can write to.
This is why good agents need a robust sandboxing mechanism.
I see. Very reasonable. The harness ensures that the tool calls are executed in a different user or cgroup. Nothing about the tool call requires it to be in the same space as the harness itself. Very simple solution and embarrassed I didn’t mention it. Thanks, Simon.
I am making sure that the development instance doesn't wipe itself when testing. There are test guidelines to use a :memory: fixture, but Claude Opus is an idiot and I can't trust it--Codex is much more sane about such things.
“””
Data Integrity
The SQLite database at /workspace/.piclaw/store/messages.db must never be deleted. Only repair/migrate it when needed; preserve data.
“””