I've been using this for a few months to provide a defensible sandboxed execution environment for internal software stacks.

It's basically a single file bwrap+AppArmor virtualenv wrapper with practically zero startup time and provides a easy way to provide your agent the ability to write code for, and run it against an internal virtualenv software stack.

No container build or equivalent overhead.