An IDE should get access to the specific directory that contains the project, not everything.

Okay. But I have more than one project. And sometimes, I want to use my IDE to open /tmp/foo.json that I just curled out.

I feel that users like me are far more prevalent than users who want to rigorously audit every path the IDE may want to open.

The article complains about saying that the app is sandboxed. I don't want my ide to be sandboxed anyway, so just flagging that in the store should be enough.

Vscode on snap runs unconfined for example, that's explicit

The "portals" mechanism can dynamically allow access to anything you pick in a file open dialog, while helping the app sandboxed.