i found a quite simple way to forward agent:

run this in the container
socat UNIX-LISTEN:/var/run/agentBridge.sock,reuseaddr,fork TCP:192.168.65.1:12345

run this on the mac osx host
socat TCP-LISTEN:12345,reuseaddr,fork,bind=127.0.0.1 UNIX-CLIENT:$SSH_AUTH_SOCK

The drawback is that its listening on a public port 12345 which could be read by anybody, but its limited on the loopback device (and xhyve box)