If you're on Linux, the easiest way IMO is to just run the agent in bwrap

I do it like this

https://github.com/flexagoon/dotfiles/blob/main/dot_config/f...

But I'm sure it's simple enough that you can just ask the agent itself to make you a command for it with proper bwrap configuration

I've been enjoying Moat [1]. Proxies credentials, networking, etc; uses MacOS containers if available; and setup worked without much fuss. I haven't tried others, though.

[1] https://majorcontext.com/moat/

nono works great with pi: https://nono.sh/