- https://github.com/webcoyote/sandvault: sandboxes AI agents in a MacOS limited user account, and also uses sandbox-exec to limit access, though fence has more strict limitations

- https://github.com/webcoyote/clodpod: sandboxes AI agents in a MacOS virtual machine

Note: I’m the author of both of these Apache open-source projects