envpod · Three ways to run

Pick your tier.
Download & Install.

envpod ships in three flavors so you can pick the smallest surface that fits the work. Lite for the workstation; full CLI for your Linux servers; Premium when you need governance, policy, and fleet-scale control.

What's in each tier

A quick snapshot. Each section below has the full story.

Desktop | CLI · CE | CLI · Premium
Per-project sandbox + Personal AI Shield UI
Full pod model (foundation + four walls + governance ceiling)
OverlayFS COW, namespaces + cgroups, network isolation, vault, audit
OPA/Rego policy, OIDC/SSO, vault proxy, governance scorecard, OTLP
Web dashboard + remote control + WebSocket relay + envpod publish
Platforms: macOS · Linux x86_64/arm64 | Linux x86_64/arm64 | Linux x86_64/arm64
Price: $20 / user / mo (free during alpha) | Free | $399 / seat / mo

Tier 1 · lite · workstation

envpod Desktop · Personal AI Shield

A single-user workstation app. Sandbox every AI tool you run on your machine — Claude Code, VS Code, Cursor, Codex CLI, Continue.dev, Jupyter, Browser. The lite feature set; the CLI tiers below add the full pod model.

Linux v0.0.6 · macOS v0.0.5 (universal build pending) · alpha testing · auto-update + browser-app mode
.dmg · macOS 11+ · universal
19 MB · Intel + Apple silicon
Signed + notarized + stapled universal disk image. Drag the app into /Applications; Gatekeeper-clean offline. macOS still on v0.0.5 — v0.0.6 universal DMG is pending in a follow-up build.
⤓ Download .dmg (v0.0.5)
sha256 12cb201202147c341ed48fbf41b8a46c107502c8692d76d752199514dfa3cbc2
AppImage · any Linux
82 MB · amd64
Portable single-file binary. No install. Make executable and run. Built against Ubuntu 22.04 glibc — runs on Ubuntu 22.04+ and most distros from late 2022 onward.
⤓ Download AppImage
sha256 591119930a804bf62094c83d46b27686bba82b079bc9637757c96d5c22164738
.deb · Ubuntu, Debian, Mint
9.0 MB · amd64
Debian package with desktop-file integration. Installs to /usr/bin/envpod-desktop.
⤓ Download .deb
sha256 db56e4680c8e5849b2f25f7b115e523cb5794544b9894058f4da126eff944ba1
.deb · Ubuntu, Debian, Mint
8.7 MB · arm64
Debian package for arm64 (Raspberry Pi 4/5, Ampere, AWS Graviton). Installs to /usr/bin/envpod-desktop.
⤓ Download .deb (arm64)
sha256 8228bcac2fc114f6c56c95d37d58c31332ba6563b77c745bb3fbd4b03ac8eaad
.rpm · Fedora, RHEL, openSUSE
9.0 MB · x86_64
RPM package with desktop-file integration. Installs to /usr/bin/envpod-desktop.
⤓ Download .rpm
sha256 99dadf39005655ca45f116be4dc6e93d97873ade7fe7b3751d583d553adcf84f
.rpm · Fedora, RHEL, openSUSE
8.7 MB · aarch64
RPM package for aarch64. Installs to /usr/bin/envpod-desktop.
⤓ Download .rpm (aarch64)
sha256 8b6eab309be2f577cf6832c09f953466188c576286091ce1efa340146aed6ac0

All six files in one list: SHA256SUMS  ·  Verify with sha256sum -c SHA256SUMS

Quick install

macOS (universal, Intel + Apple silicon) — v0.0.5 is still the latest signed Mac build; v0.0.6 universal DMG pending:

curl -fsSL https://envpod.com/download/envpod-desktop-0.0.5-mac-universal.dmg -o envpod-desktop.dmg
open envpod-desktop.dmg
# drag envpod-desktop.app into /Applications

AppImage (portable, no install):

curl -fsSL https://envpod.com/download/envpod-desktop_0.0.6_amd64.AppImage -o envpod-desktop.AppImage
chmod +x envpod-desktop.AppImage
./envpod-desktop.AppImage

Ubuntu / Debian (amd64):

curl -fsSL https://envpod.com/download/envpod-desktop_0.0.6_amd64.deb -o envpod-desktop.deb
sudo apt install ./envpod-desktop.deb

Ubuntu / Debian (arm64):

curl -fsSL https://envpod.com/download/envpod-desktop_0.0.6_arm64.deb -o envpod-desktop.deb
sudo apt install ./envpod-desktop.deb

Fedora / RHEL / openSUSE (x86_64):

curl -fsSL https://envpod.com/download/envpod-desktop-0.0.6-1.x86_64.rpm -o envpod-desktop.rpm
sudo dnf install ./envpod-desktop.rpm

Fedora / RHEL / openSUSE (aarch64):

curl -fsSL https://envpod.com/download/envpod-desktop-0.0.6-1.aarch64.rpm -o envpod-desktop.rpm
sudo dnf install ./envpod-desktop.rpm

Runtime requirements

  • bubblewrap 0.9.0 or newer  (apt install bubblewrap / dnf install bubblewrap)
  • Ubuntu 24.04+: unprivileged user namespaces must be allowed. If the app's preflight screen shows the apparmor_restrict_unprivileged_userns warning, run the exact sysctl it prints.
  • For VS Code / Cursor: install the .deb from Microsoft's repo (not the snap — snap-confined tools can't be sandboxed in this release).

Get a license

Alpha is free to try. The paid tier unlocks unlimited projects, Mirror (overlay) write mode, per-project firewall, and per-project vault allowlist.

Desktop
$20 / user / mo
Personal AI Shield. Every paid feature the alpha gates currently refuse.
  • Unlimited projects
  • Mirror write mode
  • Per-project firewall
  • Per-project vault allowlist

Already have a license? Activate it in the app's Account panel under Advanced. Paid features unlock immediately on activation — same Linux binary either way.

What's new in v0.0.6 · Linux only

Linux .deb / .rpm / AppImage shipped on 2026-05-15. The macOS universal DMG ships in a v0.0.6 follow-up build — Mac users stay on v0.0.5 until then.

  • Files (GUI) bundled profile. Opens nautilus / nemo / thunar / pcmanfm / dolphin in a sandboxed wrap, locked to the env's bound paths.
  • Files (CLI) bundled profile. Opens ranger / yazi / lf / nnn / mc in a lean terminal wrap — no GUI stack needed.
  • Claude.ai (Kiosk) + ChatGPT (Kiosk) bundled instances. Full-screen lockdown variants of the existing web-app profiles for focus-mode usage.
  • Add-Web-App wizard: three-way Window Mode picker. App window (chromeless, default) / Fullscreen (F11 to exit) / Kiosk (locked, Alt-F4 to close).
  • Chromium "Set as default browser?" prompt suppressed on first launch — across browser.yaml, claude-web, chatgpt-web, the new Kiosk variants, and wizard-generated web-app profiles.
  • Remove a user profile flow. A new "Remove a user profile" panel next to the Add forms — lists user-added profiles only (bundled ones can't be removed), shows which envs are affected before confirming, atomically clears web-app Chromium cookies + cache under ~/.config/envpod-web-app/<id>/.
  • envpod-mcp-server (new). Standalone stdio JSON-RPC MCP server wirable into any MCP-aware AI client (Claude Desktop, Cursor, Cline, Continue, Aider, Goose). Per-workspace scope via --root; trust-mode-gated execute_command with a 28-command ReadOnly allowlist; cap-std TOCTOU-safe filesystem ops; append-only JSONL audit log. First piece of the Universal Agency Layer.

What's in this release

  • Per-project sandbox: bubblewrap foundation, per-folder RW/RO pills, Mirror (overlay) or Direct write modes with Apply / Discard
  • Per-project firewall — exact + .suffix host blocking via the local proxy (blocks render red in the live activity stream)
  • Per-project credential vault with a named-key allowlist
  • Bundled tool profiles: Terminal, Claude Code, VS Code, Cursor, Codex CLI, Continue.dev, Jupyter Lab, Browser, openclaw, Files (GUI), Files (CLI), Claude.ai (Web + Kiosk), ChatGPT (Web + Kiosk), GIMP, Blender, Krita, Audacity, LibreOffice, Obsidian, DaVinci Resolve
  • Add-Web-App wizard with three Window Modes (App window / Fullscreen / Kiosk); Remove-user-profile flow with atomic web-app data cleanup
  • envpod-mcp-server — stdio JSON-RPC MCP server with trust-mode-gated execute_command, cap-std TOCTOU-safe filesystem ops, append-only JSONL audit log
  • Activity stream, audit counters, workspace diff, JSON audit export
  • Signed auto-update (per-platform manifests on envpod.com)

Known limits (v0.0.6)

  • macOS universal DMG for v0.0.6 not shipped yet — Mac users stay on v0.0.5 until the follow-up build lands. Linux x86_64 + arm64 (.deb / .rpm / AppImage) are current at v0.0.6. Native Windows build lands in a future release.
  • Mirror-mode deletes don't propagate on Apply (additive sync only).
  • No GPG-signed apt/rpm repositories yet — verify with the published SHA256SUMS for now.
  • Snap-confined tools cannot be sandboxed — install .deb variants instead.
  • envpod-mcp-server: execute_command argv is currently a 28-command ReadOnly allowlist; full sandbox::effective integration + hub-side Confirmed approval channel land in v0.0.7.
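
The Quick install commands above fetch a package and install it without checking it, and the known limits name the published SHA-256 values as the only integrity check for now. The sketch below is an added example, not envpod's own installer: it pins the digest this page lists for the v0.0.6 amd64 .deb and only moves the download into place if it matches. The function names sha256_of, verify_sha256 and fetch_verified are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not envpod's own script. URL and digest are copied from this page.
DEB_URL="https://envpod.com/download/envpod-desktop_0.0.6_amd64.deb"
DEB_SHA256="db56e4680c8e5849b2f25f7b115e523cb5794544b9894058f4da126eff944ba1"

# sha256_of FILE: print the hex digest (sha256sum on Linux, shasum on macOS).
# Reading from stdin avoids the escaped output sha256sum uses for odd filenames.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | cut -d' ' -f1
    else
        shasum -a 256 < "$1" | cut -d' ' -f1
    fi
}

# verify_sha256 FILE EXPECTED
# Returns 0 on match, 1 on mismatch, 2 on a malformed digest, 3 on a missing file.
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # Reject anything that is not exactly 64 hex characters, such as a
    # truncated value or an error page pasted in place of the digest.
    case $expected in
        *[!0-9a-f]*) return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 2
    [ -f "$file" ] || return 3
    actual=$(sha256_of "$file") || return 3
    [ "$actual" = "$expected" ]
}

# fetch_verified URL EXPECTED OUT
# Downloads to a temp file and moves it into place only after verification,
# so an unverified package never sits at the path handed to apt or dnf.
fetch_verified() {
    tmp=$(mktemp) || return 1
    if curl -fsSL "$1" -o "$tmp" && verify_sha256 "$tmp" "$2"; then
        mv "$tmp" "$3"
    else
        rm -f "$tmp"
        echo "download failed or checksum mismatch: $1" >&2
        return 1
    fi
}

# Usage (needs network):
#   fetch_verified "$DEB_URL" "$DEB_SHA256" envpod-desktop.deb \
#       && sudo apt install ./envpod-desktop.deb
```

A checksum served from the same site as the download detects corruption or a tampered mirror, not a compromise of envpod.com itself.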

Tier 2 · full · Linux servers & fleets

envpod CLI · CE

The full envpod engine, free and open-source. Foundation (OverlayFS COW) + four walls (processor / network / memory / devices) + governance ceiling (vault, action queue, audit, monitoring agent). Run it on a laptop, a Linux box, or a fleet — same binary, no license required.

Free · open-source

One-line install

Free — BSL 1.1 (converts to AGPL-3.0 on 2030-03-07) · GitHub-hosted releases
curl -fsSL https://envpod.dev/install.sh | sh
Installs the latest CE binary from github.com/markamo/envpod-ce to /usr/local/bin/envpod. Linux x86_64 + arm64. ~9 MB stripped. Requires kernel 5.15+, cgroups v2, OverlayFS, root for namespace setup.

What CE ships

  • Full pod model — envpod init / run / diff / commit / rollback / audit / lock + 17 more subcommands
  • OverlayFS COW filesystem isolation — agent writes go to overlay; you commit, rollback, or export
  • Network namespace + per-pod DNS resolver (whitelist / blacklist / remap / monitor) with anti-tunneling
  • Cgroup v2 CPU + memory + IO limits, seccomp-BPF syscall filtering, GPU / display / audio passthrough
  • ChaCha20-Poly1305 credential vault, action staging queue, monitoring agent, multi-layer audit
  • 68 example pod configs, snapshot + clone + base-pod tooling, port forwarding, pod discovery

Tier 3 · full + governance · enterprise fleets

envpod CLI · Premium

Everything CE ships, plus the governance, policy, identity, and fleet-control surfaces a real production deployment runs into. Same Linux engine; a separate binary that gates the premium-only modules behind license activation.

Premium · $399 / seat / mo

One-line install

$399 / seat / month · proprietary license · 24h heartbeat against activate.envpod.dev
curl -fsSL https://premium.envpod.dev/install.sh | sh
envpod license activate <YOUR_KEY>
Installs the latest Premium binary from premium.envpod.dev (Linux x86_64 + arm64). Direct tarballs at /latest/ and per-version archives at /releases/.

What Premium adds on top of CE

  • OPA / Rego policy engine — 7 enforcement points (queue, vault, commit, DNS, L7, MCP, pod-to-pod) via regorus
  • OIDC / SSO — Okta, Azure AD, Google, Keycloak — pod-aware identity with signed JWTs
  • Vault proxy — transparent HTTPS MITM with per-pod ephemeral CA; agent never sees real API keys
  • Web dashboard, remote HTTP API, WebSocket relay (relay.envpod.dev) for cross-network pod control
  • envpod publish — Cloudflare Tunnel per pod with *.envpod.cloud URLs and an auth proxy
  • Headscale mesh networking, service proxy, governance scorecard, OWASP audit, OTLP export, parallel clone, IaC
  • Plus health checks, budget enforcement, port exposure firewall, Sealed Mode — full list at premium.envpod.dev

Report feedback

Desktop alpha: export any project's audit bundle from its card (⤓ Export JSON) and email it with a short description of what went wrong. CLI: open issues against github.com/markamo/envpod-ce for CE bugs and feature requests, or email Premium support directly. We read everything during alpha.