
Go hard on agents, not on your filesystem

Why This Matters

Jai offers a lightweight, easy-to-use containment solution for AI agents, allowing users to run commands and workflows securely without risking their entire filesystem. This approach enhances safety and simplifies workflow management, making AI integration more accessible and secure for developers and consumers alike.

Key Takeaways

There's a gap between giving an agent your real account and stopping everything to build a container or VM. jai fills that gap. One command, no images, no Dockerfiles — just a light-weight boundary for the workflows you're already running: quick coding help, one-off local tasks, running installer scripts you didn't write.

Your files, your rules

Use AI agents without handing over your whole account. jai gives your working directory full access and keeps the rest of your home behind a copy-on-write overlay — or hidden entirely.

Stop trusting blindly

One-line installer scripts, AI-generated shell commands, unfamiliar CLIs — stop running them against your real home directory. Drop jai in front and the worst case gets a lot smaller.

Containment shouldn't be hard

No images to build, no Dockerfiles to maintain, no 40-flag bwrap invocations. Just jai your-agent. If containment isn't easier than YOLO mode, nobody will bother.

How it works

One command. No setup required.

1. Prefix your command: jai codex, jai claude, or just jai for a shell.
2. CWD stays writable: Your working directory keeps full read/write access inside the jail.
3. Home is an overlay: Changes to your home directory are captured copy-on-write. Originals are untouched.
4. Rest is locked down: /tmp and /var/tmp are private. All other files are read-only.
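The write rules in steps 2 to 4, as an added Python model that is not jai's own code: it shows where a write lands in casual mode, including a path that climbs out of the working directory with "..". The names CasualModel, norm and upper are assumptions made for this sketch, private /tmp and the strict and bare modes are left out, and the real tool enforces its boundary with kernel mounts rather than path checks.

```python
import os, shutil, tempfile
from pathlib import Path

def norm(path):
    # Collapse ".." lexically so cwd/../x is judged by where it points.
    return Path(os.path.abspath(path))

class CasualModel:
    """Toy model of casual mode (hypothetical helper, not jai's code)."""
    def __init__(self, home, cwd, upper):
        self.home, self.cwd, self.upper = norm(home), norm(cwd), norm(upper)

    def classify(self, path):
        p = norm(path)
        if p == self.cwd or self.cwd in p.parents:
            return "direct"      # working directory: real read/write
        if p == self.home or self.home in p.parents:
            return "overlay"     # rest of home: copy-on-write
        return "readonly"        # everything else

    def shadow(self, path):
        # Location of the overlay copy that stands in for a home file.
        return self.upper / norm(path).relative_to(self.home)

    def write(self, path, data):
        kind = self.classify(path)
        if kind == "readonly":
            raise PermissionError(f"read-only in jail: {path}")
        target = self.shadow(path) if kind == "overlay" else norm(path)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(data)
        return kind

    def read(self, path):
        # Inside the jail the overlay copy, if any, hides the original.
        if self.classify(path) == "overlay" and self.shadow(path).exists():
            return self.shadow(path).read_text()
        return norm(path).read_text()

def demo():
    root = Path(tempfile.mkdtemp())          # constructed sample tree
    home, cwd = root / "home", root / "home" / "project"
    cwd.mkdir(parents=True)
    (home / ".bashrc").write_text("original\n")
    jail = CasualModel(home, cwd, root / "upper")
    out = {"cwd": jail.write(cwd / "main.py", "x = 1\n"),
           "escape": jail.write(cwd / ".." / ".bashrc", "changed\n"),
           "seen_in_jail": jail.read(home / ".bashrc"),
           "on_disk": (home / ".bashrc").read_text(),
           "outside": jail.classify("/etc/constructed-example.conf")}
    shutil.rmtree(root)
    return out
```

In the model the working directory is the one place where a write reaches the real file, so anything kept there (source, credentials, git history) gets no protection from the overlay.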

Three modes

Pick the level of isolation that fits your workflow.

| | Casual | Strict | Bare |
|---|---|---|---|
| Home directory | Copy-on-write overlay | Empty private home | Empty private home |
| Process runs as | Your user | Unprivileged jai user | Your user |
| Confidentiality | Weak — most files readable | Strong — separate UID | Medium — your UID, but home hidden |
| Integrity | Overlay protects originals | Full isolation | Full isolation |
| NFS home support | Yes | No | Yes |

Free software, not a funnel

jai is free software, brought to you by the Stanford Secure Computer Systems research group and the Future of Digital Currency Initiative. The goal is to get people using AI more safely.

Versus the alternatives

jai is not trying to replace containers. It fills a different niche.

Docker: Great for reproducible, image-based environments. Heavier to set up for ad-hoc sandboxing of host tools. No overlay-on-home workflow.

bubblewrap: Powerful namespace sandbox. Requires explicitly assembling the filesystem view — often turns into a long wrapper script, which is the friction jai removes.

chroot: Not a security mechanism. No mount isolation, no PID namespace, no credential separation. Linux documents it as not intended for sandboxing.