Let your AI agent run privileged commands — without handing it sudo.
You asked your AI agent to fix a networking issue. It needs to check routes, tweak settings, verify — and repeat until it works. Every step requires root.
You: My VPN traffic isn't routing correctly. Fix it.
Agent: Let me check your routing table.
$ ip route show Permission deniedI need root to diagnose this. Could you grant me
sudo?
You have two bad options: give the agent unrestricted sudo, or
manually copy-paste every command it suggests. The first is reckless.
The second defeats the purpose of having an agent.
The agent writes its commands into a Justfile. You review it and
approve with jusdo. The agent then runs recipes freely — iterating
as many times as needed — without sudo and without bothering you
for each step.
You: My VPN traffic isn't routing correctly. Fix it.
Agent: I'll need to inspect and modify your network config. Here's a Justfile with the commands I may need — please review and approve it.
# net-debug.just routes: ip route show ip rule list add-route interface gateway: ip route add 10.0.0.0/8 via {{gateway}} dev {{interface}} dns: resolvectl status restart-vpn: systemctl restart openvpn-client@workYou: (reviews the commands) Looks reasonable.
$ sudo jusdo allow net-debug.just -d 30Agent: Thanks. Let me investigate.
$ jusdo run net-debug.just -- routes default via 192.168.1.1 dev eth0 10.0.0.0/8 via 192.168.1.1 dev eth0 # <- wrong, should go via tun0Found it — the VPN route is going through your LAN gateway.
$ jusdo run net-debug.just -- add-route tun0 10.8.0.1Let me verify.
$ jusdo run net-debug.just -- routes 10.0.0.0/8 via 10.8.0.1 dev tun0 # fixedRoute is correct now. Let me restart the VPN to make sure it holds.
$ jusdo run net-debug.just -- restart-vpn $ jusdo run net-debug.just -- routes 10.0.0.0/8 via 10.8.0.1 dev tun0 # still goodDone. Your VPN traffic is routing correctly now.
The agent ran 5 privileged commands across multiple iterations — you only had to approve once. The grant expires in 30 minutes automatically.
Start the daemon (once, as root):
sudo jusdo serveThen the workflow is always:
# 1. Agent writes a Justfile with the commands it needs
# 2. You review and approve
sudo jusdo allow ./Justfile
# 3. Agent runs recipes as many times as needed — no sudo
jusdo run ./Justfile -- recipe-name# Admin (require sudo)
sudo jusdo allow ./Justfile # approve for 60 min (default)
sudo jusdo allow ./Justfile -d 120 -y # 120 min, skip confirmation
sudo jusdo renew ./Justfile -d 120 # extend grant
sudo jusdo list # show active grants
sudo jusdo revoke ./Justfile # revoke immediately
# Agent / developer (no sudo needed)
jusdo run ./Justfile -- recipe-name
jusdo run ./Justfile -- recipe arg1 arg2# flake.nix
{
inputs.jusdo.url = "github:mlavrinenko/jusdo";
outputs = { nixpkgs, jusdo, ... }: {
nixosConfigurations.myhost = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [{
environment.systemPackages = [
jusdo.packages.x86_64-linux.default
];
}];
};
};
}Or: nix profile install github:mlavrinenko/jusdo
cargo install --path . # requires Rust 1.85+npx skills add https://github.com/mlavrinenko/jusdo --skill jusdoOnce installed, the agent will use the jusdo workflow whenever it needs
root — no prompting required.
- Scoped access. Grants are tied to a specific Justfile, user, and time window. No blanket root.
- Hash verification. SHA-256 of the Justfile is recorded at approval and re-checked before every run. Modified files are rejected.
- Environment isolation. Child processes get a cleared environment.
Only
PATH,HOME, andLANGare set. - Socket auth.
SO_PEERCREDverifies caller UID. Only root can grant/revoke. Any user can run approved recipes. - Auto-expiry. Grants expire after the configured duration.
Prerequisites: Nix with flakes enabled.
nix develop
just check # clippy + tests + file size limitsMIT