Gerharddc 4 hours ago
Very cool! I've recently built something similar at https://github.com/Gerharddc/litterbox (https://litterbox.work/). Litterbox only works on Linux as it heavily relies on Podman, but it does have a few other benefits for my use-case:

- Most importantly, it exposes a Wayland socket so that I can run my entire dev environment (i.e. editor etc.) inside the container. This gives additional protection against exploits inside editor extensions for instance.
- It also provides a special SSH agent which always prompts the user to confirm a signing operation. This means that an agent or an exploit never gets unsupervised access to your GitHub for instance.
- It has some additional functions to help with enabling permissions inside the container which are only needed for certain use cases (such as allowing for TUN/TAP device creation).
- It has not been added yet, but I'm working on SELinux integration for even more secure isolation from the host.