Hacker News

realityfactchex yesterday at 7:45 PM (2 replies)

Isn't the easy way just a development VM? As in:

Install your OS of choice in a virtual machine, e.g. even hosted on your main machine.

Install the AI coding tool in the virtual machine.

Set up a shared folder between host+guest OS.

Only let the VM access files that are "safe" for it to access. Its own repo, in its own folder.

If you want to give the AI tool and VM internet access and tool access, just limit what it can reach to things it is allowed to go haywire on. All the internet and all OS tools are ok. But don't let this AI do "real things" on "real platforms" -- limit the scope of what it "works on" to development assets.

When deploying to staging or prod, copy/sync files out of the shared folder that the AI develops on, and run them. But check them first for subterfuge.

So, don't give the AI access to "prod" configs/files/services/secrets, or general personal/work data, etc. Manage those in other "folders" entirely, not accessible by the development VM at all.

Is that close?
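The "check them first for subterfuge" step above, sketched as an added example that is not part of the original comment: a Python audit run on the host over the shared folder before anything is synced out. The function names, the three checks chosen, and the constructed sample tree are assumptions for illustration.

```python
import os
import stat
import tempfile

def audit_tree(root):
    """Return sorted (relative_path, reason) pairs worth a manual look
    before anything is copied out of the shared folder."""
    root = os.path.realpath(root)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                # A link that resolves outside the tree makes a later sync
                # read or overwrite host files the VM was never given.
                target = os.path.realpath(path)
                if os.path.commonpath([root, target]) != root:
                    findings.append((rel, "symlink leaves shared folder"))
                continue
            if not stat.S_ISREG(mode):
                continue
            if mode & (stat.S_ISUID | stat.S_ISGID):
                findings.append((rel, "setuid/setgid bit set"))
            parts = rel.split(os.sep)
            if (parts[-3:-1] == [".git", "hooks"]
                    and not name.endswith(".sample")
                    and mode & stat.S_IXUSR):
                # Executable hooks run on the host the next time git is used there.
                findings.append((rel, "active git hook"))
    return sorted(findings)

def build_sample_tree():
    """Constructed sample: a tiny repo with one escaping link and one hook."""
    root = tempfile.mkdtemp(prefix="shared-")
    os.makedirs(os.path.join(root, "src"))
    os.makedirs(os.path.join(root, ".git", "hooks"))
    with open(os.path.join(root, "src", "app.py"), "w") as f:
        f.write("print('hello')\n")
    hook = os.path.join(root, ".git", "hooks", "pre-commit")
    with open(hook, "w") as f:
        f.write("#!/bin/sh\n")
    os.chmod(hook, 0o755)
    os.symlink(os.path.dirname(root), os.path.join(root, "src", "up"))
    os.symlink("app.py", os.path.join(root, "src", "alias.py"))
    return root

if __name__ == "__main__":
    for rel, reason in audit_tree(build_sample_tree()):
        print(f"{rel}: {reason}")
```

An empty result only means these three checks found nothing; the diff of the code itself still needs review before it runs in staging or prod.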


Replies

c0balt yesterday at 8:16 PM

Automating this setup is also somewhat easily possible with, e.g., Lima[0] or HashiCorp Vagrant[1].

[0]: https://lima-vm.io/

[1]: https://developer.hashicorp.com/vagrant

w0m yesterday at 8:23 PM

I'd just do it over a Docker mount (or equivalent) to keep it a bit more lightweight. Can keep the LLM running local; and teach it how to test/debug via instruction files.