How many of these are there now, a hundred? We get it, you can run an agent in a VM/container/sandbox. What about configuration management & rollbacks? What about the policy engine? What about dynamic credential management? What about the lethal trifecta? A sandbox is the easiest part and doesn't address the others.
Huh. My virtdev project implements nearly all of that... Except credential injection from the host, which turned out to be on my TODO list.
shameless plug (im a contributor to): https://github.com/jskswamy/aide/ covers you, with configuration driven through yaml and credential management with sops.