I don't follow why you'd run uncommitted non-reviewed code outside of the sandbox (by sandbox I'm meaning something as secure as a VM) you use. My mental model is more that you no longer compile / run code outside of the sandbox, it contains everything, then when a change is ready you ship it after a proper review.

The way I'd do it right now:

* git worktree to have a specific folder with a specific branch to which the agent has access (with the .git in another folder)

* have some proper review before moving the commits there into another branch, committing from outside the sandbox

* run code from this review-protected branch if needed

Ideally, within the sandbox, the agent can go nuts to run tests, do visual inspections e.g. with web dev, maybe run a demo for me to see.