I believe someone recently posted sort of a secure harness/wrapper for running coding agents in a secure sandbox. I can't find the project. Of course I can make my own wrapper with systemd-nspawn, kata or bspawn, but I believe I saw a decently well-maintained project just a while back.
Source: [Hacker News](https://news.ycombinator.com/item?id=48732627)