akitaonrails/ai-jail — reverse-engineered prompt

Reverse engineered prompt


Build me a Rust command line tool called ai jail that lets me run coding agents like Claude Code, Codex, OpenCode, or even bash inside a safer sandbox. The idea is that when I run it from a project folder, only that project stays writable and persistent, while home, temp folders, parent folders, and sibling folders are hidden or temporary unless I explicitly allow them.

It should work on Linux using bubblewrap and on macOS using Apple sandbox exec. On first run it should create a simple dot ai jail config in the project, then reuse it. I want options for dry run, mapping extra read write paths, masking secret files like env files or machine ids, hiding the config from the agent, using a private home, disabling Docker passthrough, and handling linked git worktrees so git still works.

Please include good install and build support, tests for the core behavior, helpful error messages for common Linux AppArmor problems, and clear README examples. Look up current platform docs if needed.
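The Linux half of the request comes down to the order of bubblewrap mounts. The sketch below is an added example, not code from the ai-jail project: it builds a dry-run `bwrap` argument list, and the `Jail` struct, its field names and the sample paths are assumptions made for illustration.

```rust
use std::path::{Path, PathBuf};

/// Hypothetical option set; field names are assumptions, not ai-jail's config schema.
pub struct Jail {
    pub project: PathBuf,       // the only persistent, writable tree
    pub home: PathBuf,          // replaced by an empty tmpfs
    pub extra_rw: Vec<PathBuf>, // explicitly allowed read-write paths
    pub mask: Vec<String>,      // project-relative files to hide, e.g. ".env"
}

fn p(path: &Path) -> String { path.to_string_lossy().into_owned() }

/// Build the bwrap argv. bwrap applies mounts in order, so later entries
/// overlay earlier ones: read-only root, then tmpfs, then the writable holes.
pub fn bwrap_args(j: &Jail, cmd: &[&str]) -> Vec<String> {
    let mut a: Vec<String> = ["bwrap", "--die-with-parent", "--unshare-pid",
        "--ro-bind", "/", "/", "--dev", "/dev", "--proc", "/proc", "--tmpfs", "/tmp"]
        .iter().map(|s| s.to_string()).collect();
    a.extend(["--tmpfs".to_string(), p(&j.home)]);
    // Project outside the home directory: cover its parent so siblings vanish,
    // but never cover "/" itself (that would hide the read-only root).
    if !j.project.starts_with(&j.home) {
        if let Some(parent) = j.project.parent().filter(|d| d.parent().is_some()) {
            a.extend(["--tmpfs".to_string(), p(parent)]);
        }
    }
    for rw in std::iter::once(&j.project).chain(j.extra_rw.iter()) {
        a.extend(["--bind".to_string(), p(rw), p(rw)]);
    }
    // Mask only files that exist: binding over a missing path would make
    // bwrap create an empty mount point inside the writable project.
    for name in &j.mask {
        let f = j.project.join(name);
        if f.is_file() {
            a.extend(["--ro-bind".to_string(), "/dev/null".to_string(), p(&f)]);
        }
    }
    a.extend(["--chdir".to_string(), p(&j.project), "--".to_string()]);
    a.extend(cmd.iter().map(|s| s.to_string()));
    a
}

fn main() {
    // Constructed sample paths; this is the dry-run view, nothing is executed.
    let j = Jail { project: "/home/dev/app".into(), home: "/home/dev".into(),
        extra_rw: vec![], mask: vec![".env".into()] };
    println!("{}", bwrap_args(&j, &["claude"]).join(" "));
}
```

Reordering the list changes the result: a `--tmpfs` placed after the project `--bind` would hide the project again, and a mask emitted before the bind would be covered by it.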
