jai contains AI agents on Linux

This is the right kind of boring infrastructure: it lowers the blast radius of local agent workflows without forcing everyone into Docker or a VM.

• –Copy-on-write home plus private temp dirs target the most common failure mode: destructive file writes and wiped dotfiles.
• –Strict mode is the more serious security story, because it swaps in a separate UID and empty home for real confidentiality.
• –The ergonomics matter: `jai codex` or `jai claude` is far easier to adopt than a handwritten bubblewrap wrapper or container image.
• –It is still not a hard security boundary; network access remains, and casual mode can still read anything your user can read.