Hazmat: OS-level containment for AI coding agents on macOS

Hazmat creates OS-level containment for AI coding agents on macOS by giving each agent session its own user account, kernel-enforced sandbox, firewall, and automatic backups to prevent security risks from autonomous AI code execution. The tool addresses vulnerabilities in existing AI coding tools like Claude Code, which has accumulated 16 CVEs, by blocking credential access, filtering dangerous network protocols, and hardening against supply chain attacks while maintaining full agent productivity.