This is awesome! I think this is one of the most important technical hurdles in deploying agent applications right now.

I'm involved with a project building something very similar, which we literally open-sourced an alpha version of last week:

https://github.com/GreyhavenHQ/greywall

It's a bit different in that:

- We started with Linux

- It is a binary that wraps the agent runtime

- It runs alongside a proxy which captures all traffic to provide a visibility layer

- Rules can be changed dynamically at runtime

I am so happy this problem is getting the attention it deserves!