Open-sourcing the harness isn't a privacy fix
Default-on directory upload is now a class of failure for AI coding tools, and the new model is silence by default. A flagship tool shipped with the working directory treated as ambient input, exfiltrating whatever files happened to sit in the folder where a user typed the command. Open-sourcing the harness and flipping retention off is the second beat. The first beat is that the installer assumed a privacy posture nobody asked for, and the build pipeline did not surface it.
Simon Willison's report puts the human stakes in one line. A user who ran xAI's Grok Build in their home directory watched it send their SSH keys, password manager database, documents, photos, and videos to xAI's Google Cloud buckets, with no opt-in and no warning. That is not a bug report. That is the threat model of the category, and the category is here.
The repeatable test is short. Which files does the installer upload before the first prompt, and is the user told. Open-sourcing the codebase and turning retention off address the next run, not the run that already happened. Check what the CLI sends by default before you trust the release notes.