jai is a lightweight Linux sandbox tool designed to safely run AI agents and untrusted scripts without full machine access. It works by prefixing any command with `jai`, giving the current working directory full read/write access while protecting the rest of the home directory via a copy-on-write overlay. Three isolation modes are available: Casual (overlay on home), Strict (separate unprivileged user), and Bare (empty private home). Unlike Docker or bubblewrap, jai requires no images, Dockerfiles, or complex configuration. It explicitly positions itself as a blast-radius reducer rather than a hardened security solution.
Table of contents
This is not hypothetical. How it works Three modes Free software, not a funnel Versus the alternatives Sort: