sandbox-runtime

https://github.com/anthropic-experimental/sandbox-runtime

A lightweight sandboxing tool for enforcing filesystem and network restrictions on arbitrary processes at the OS level, without requiring a container.

uses sandbox-exec on mac and bubblewrap on linux.

Can be used as a command line wrapper

There is a pi extension to bring it into pi (compare pi-sandbox)