>>speckx+(OP)
I will ask what I've asked before: how to know what resources to make available to agents and what policies to enforce? The agent behavior is not predefined; it may need access to a number of files & web domains.
For example, you said:
> I don't expose entire /etc, just the bare minimum
How is "bare minimum" defined?
> Inspecting the log you can spot which files are needed and bind them as needed.
This requires manual inspection.