jGuard is a capability-based security framework for the JVM (JDK 21+) designed for running untrusted or semi-trusted code after the removal of the Java SecurityManager.
Policies are declared using a module-style descriptor inspired by module-info.java, and enforcement happens at the JDK operation level (filesystem, network, threads, native loads).
Happy to answer questions about the threat model, design tradeoffs, or how this compares to the legacy SecurityManager.