"bash based safety layer"

Is this a joke? I have a lot of respect for the authors of bash, but it is not up to this task.

Does anyone have recommendations for an agent sandbox that's written by someone who understands security? I can use docker, but it's too much of a faff gating access to individual files. I'm a bit surprised that Microsoft didn't do a decent one for vscode; for all their faults they do have security chops, but vscode just seems to want you to give it full access to a project.