Multitui is a macOS app factory that creates sandboxed terminal apps for macOS, wrapping command-line tools in dedicated, security-hardened applications. It is designed for developers and power users who run TUI programs, particularly AI coding agents like Claude Code, Codex, and Gemini, and need to protect their filesystem and secrets from untrusted code. The core value is providing granular filesystem and network sandboxing without requiring containers or VMs, allowing users to continue using their favorite terminal emulators like iTerm2 or Alacritty while gaining per-app security controls. Each generated app becomes a first-class citizen with its own dock icon, Spotlight integration, and window management.
The core problem Multitui solves is the inherent risk of running command-line tools, especially AI agents, that may delete or modify files or leak secrets over the network. Developers often need to allow an AI agent to access project directories but want to prevent it from damaging the rest of the system. Traditional sandboxing requires complex containers or VMs that disrupt workflows and reduce productivity. Multitui addresses this by leveraging macOS's built-in sandbox-exec to create default-deny rules for file writes and deletes, while allowing specific paths. This matters because it lets users harness powerful TUI tools like Claude Code for code generation without fear of accidental harm or data exfiltration, maintaining a seamless development experience.
The first major feature is the Filesystem Sandbox, which uses macOS sandbox-exec to enforce fine-grained permissions. It defaults to denying all writes and deletes in the user folder (~), then allows targeted access to specific project directories. Users configure rules per-app, permitting read/write only to the folders the tool needs. A live deny log shows every blocked action, and with one click users can add an allow rule, making iterative rule creation simple. This provides protection while maintaining flexibility—unlike a full container, you keep your existing development environment. This feature is crucial for AI coding agents that may attempt to modify files outside their scope, ensuring only intended changes occur and reducing the risk of system corruption.
The second major feature is the Network Sandbox, which controls outbound network traffic at a domain level. Multitui can block all internet access or allow only specific hosts that your tools actually need. Combined with the filesystem sandbox, it creates a comprehensive security boundary. Users configure rules for each app, so Claude Code might reach Anthropic's API while Codex accesses OpenAI endpoints, and all other traffic is blocked. This prevents AI agents from sending data to unknown hosts, protecting API keys and proprietary code. The network sandbox pairs with the filesystem sandbox so nothing leaves your machine without explicit permission, ideal for maintaining data privacy during development.
admin
The third feature group includes the Secrets Filter and first-class macOS app capabilities. The Secrets Filter automatically scans outbound network traffic for API keys, tokens, and credentials before they leave the machine, powered by the gitleaks engine. Additionally, Multitui creates first-class macOS apps: each TUI gets a dedicated .app bundle with its own dock icon, Spotlight integration, proper window management, and support for window managers like Rectangle and Magnet. Finder integration adds toolbar buttons, context menus for launching apps with folders or files, and drag-to-dock support. Each app also offers per-app themes, custom app icons, and style customization for contextual awareness—for example, a red background for production environments.
Multitui's workflow is straightforward: users select a command-line tool from the library or enter a custom command, configure sandbox rules (filesystem paths, network domains, secrets filtering), optionally set per-app style (window, HUD, menu bar), and generate a standalone .app bundle. The factory interface provides a live preview. Each app maintains its own isolated shell history and snippets, separate from the main shell, and includes a command palette for quick actions. Apps can be launched from the dock, Finder toolbar, right-click context menu, URL scheme (`claudecode://open?arg=/path`), AppleScript, or command line. This approach means users don't need to edit raw sandbox profiles; Multitui manages rulesets per-app, and the deny log makes troubleshooting immediate.
Concrete use cases include running AI coding agents like Claude Code or Codex with full filesystem and network sandboxing, allowing them to work on projects without risking system files. Terminal utilities like lazygit, htop, or dua can be turned into dedicated apps with custom styles, reducing terminal tab clutter and providing quick access. Menubar widgets for system monitoring (snitch, jolt) or quick data (ping, ip, wttr) offer at-a-glance information without a full terminal window. For file-based tools like nano, harlequin, or jqp, Multitui registers them as file handlers so double-clicking a file opens the correct TUI. These use cases improve security, organization, and contextual awareness—especially when using color-coded styles for different environments or projects.
Multitui is built for developers, DevOps engineers, security-conscious power users, and anyone who runs AI agents or TUI tools on macOS. It requires macOS 15+ and is currently in beta (v0.15.0, 24 MB) with free download. The tech stack leverages macOS native sandbox-exec, gitleaks for secrets scanning, and integrates with window managers and Little Snitch. The platform is exclusively macOS. Multitui complements existing terminals like iTerm2, Ghostty, Alacritty, and Terminal.app, providing dedicated windows for specific tools. By combining ease of use with robust sandboxing, Multitui offers an essential layer of protection for modern development workflows, allowing users to adopt powerful AI coding agents without compromising security.
Developers, DevOps engineers, security-conscious power users, and anyone who runs AI coding agents (Claude Code, Codex, Gemini) or other command-line TUI tools on macOS. Also suitable for users who want to isolate their development environment from untrusted code without using containers or VMs. Specifically targets users of macOS 15+ who prefer native apps and want to leverage Terminal utilities like lazygit, htop, or network monitoring tools with enhanced security and convenience.
Updated 2026-02-28