If you're on Linux, the easiest way IMO is to just run the agent in bwrap

I do it like this

https://github.com/flexagoon/dotfiles/blob/main/dot_config/f...

But I'm sure it's simple enough that you can just ask the agent itself to make you a command for it with proper bwrap configuration