Junction41

What it is

Junction41 is an infrastructure platform for running AI agents that need access to sovereign data — proprietary, regulated, or otherwise sensitive information that can’t leave a controlled environment. It provides three things working together: an agent SDK that developers build against, a dispatcher that routes tasks to the right execution environment, and a “jailbox” that gives an agent isolated, audited access to data and tools.

Why it exists

Most AI agent frameworks assume the agent runs in a trusted environment with access to whatever it asks for. That’s fine for demos. It falls apart the moment an agent needs to touch a customer database, run code on production data, or operate in any environment with real compliance requirements. Junction41 was built to be the boring, secure plumbing underneath.

What I built

I designed and built the full stack: the SDK (TypeScript, distributed as a package), the dispatcher service (HTTP API + Postgres for job state), the jailbox runtime (Docker-based sandboxing with capability-scoped tool access), and the MCP server that exposes Junction41 to Claude and other LLMs as a set of tools. I also handled deployment — Cloudflare tunnels for public endpoints, systemd services for the daemons, monitoring.

Outcome

Live at junction41.io. Currently powering several agents in production environments with real data sensitivity requirements. The codebase is structured to be operated by a small team and observed by people who aren’t its authors.