Multitui is a macOS app factory that wraps command-line programs in highly-customizable terminal apps with built-in filesystem sandboxing and network filtering. It targets developers who need to run TUIs like AI coding agents (Claude Code, Codex), git interfaces (lazygit), or disk usage explorers (dua) without compromising their system's security. The core value is achieving protection without altering your existing workflow—you keep using your favorite terminal emulator while Multitui adds a safety layer. Each generated app is a fully native macOS bundle with dock icons, Spotlight integration, and proper window management, making TUI programs feel like first-class citizens on your Mac.
The primary problem Multitui solves is the inherent risk of running untrusted terminal programs, especially AI agents that roam your filesystem and network. Developers using tools like Claude Code or Codex need to grant file access and network permissions, but doing so exposes their entire system to accidental deletions, edits, or secret leaks. Multitui addresses this by applying a default-deny policy for writes and deletes, and by filtering outbound network traffic. This means AI agents can help with code reviews or file operations only within explicitly allowed project folders, and API keys remain hidden even if an agent tries to exfiltrate them. The result is that developers can embrace AI coding tools without the anxiety of system compromise.
The first major feature group is Filesystem Sandbox, powered by macOS's sandbox-exec. It enforces a default deny for writes and deletes across the entire user folder, then allows targeted read or write access only to specified paths like project directories. A live deny log shows every blocked action, and you can add an allow rule with one click. This is useful because you can create a separate app for each project, minimizing access further. For example, an app for Claude Code might only read and write to /Users/you/project-x, while another app for lazygit can access your entire home folder for git operations. The flexibility extends to an optional --dangerously-skip-permissions flag for quick testing while still protecting critical files.
The second major feature group is Network Sandbox combined with a Secrets Filter. The network sandbox lets you block all outbound traffic or set domain-level rules so only trusted hosts can be reached. The secrets filter, powered by gitleaks, automatically scans outbound network traffic for API keys, tokens, and credentials before they leave your machine. This pairs with the filesystem sandbox to create a zero-trust environment: nothing leaves without your explicit permission. Why this matters is that many AI agents fetch dependencies or send telemetry—with Multitui you can allow only known hosts like GitHub or PyPI while blocking everything else, preventing data exfiltration even if an agent is compromised.
admin
The third feature group encompasses first-class macOS integration and per-app customization. Each TUI becomes a dedicated .app bundle with its own dock icon, Spotlight searchability, and seamless window management that works with Rectangle and Magnet. Finder integration includes a toolbar button, right-click context menu, and drag-to-dock launching. Apps can register as file handlers for specific document types, and you can open folders via URL scheme (claudecode://open?arg=/path) or AppleScript. Furthermore, each app maintains its own shell history and snippets, completely isolated from your main shell. This means commands used in your production app won't appear in your development app, preventing accidental cross-execution.
Multitui works by taking an existing TUI program and generating a standalone macOS app with a configurable sandbox profile. You choose the program (e.g., Claude Code, nano, top), set sandbox rules for filesystem and network, and customize the app's style—window, HUD, menu bar, or document mode. Each app can have its own theme (highly customizable colors), custom icon, and global keyboard shortcut for instant launch. The sandbox profile is a simple text representation of macOS sandbox-exec parameters, which Multitui manages per-app. You don't need to launch a container or VM; it acts as a general shell with your existing CLI tools but prevents unintended damage. The live deny log gives you real-time visibility into blocked operations, and you can adjust rules on the fly.
Concrete use cases include running AI coding agents like Claude Code in a sandboxed app that only accesses your project folder while blocking all network traffic except to Anthropic's API. Another scenario is using lazygit for git operations on multiple repositories, each with its own app and isolated history. DevOps engineers can create separate apps for production and staging environments, differentiated by background color (e.g., red for production) to avoid costly mistakes. System monitors like top, htop, and snitch become dedicated windows with global keyboard shortcuts, always on top. For file editing, apps for nano or treemd can open documents directly from Finder, and SQLite exploration with harlequin can be confined to specific databases. The outcome is a safer, more organized terminal workspace where each tool has its own space and security boundaries.
Multitui is designed for macOS developers, DevOps engineers, system administrators, and security-conscious power users who rely on command-line tools and AI agents. It complements existing terminals like iTerm2, Ghostty, Alacritty, and Terminal.app—it does not replace them. The platform is macOS-only, leveraging native sandbox-exec and AppleScript integration. Pricing is not explicitly listed on the site, but the tool is available for download with a 'Send Link' option. It works with Little Snitch for additional per-app network control. The takeaway is that Multitui gives you the safety of sandboxing without changing your workflow, letting you run untrusted TUIs with confidence and keep your development environment intact.
Multitui is built for macOS developers, DevOps engineers, system administrators, and security-conscious power users who use command-line tools and AI coding agents. It is ideal for anyone who runs TUI programs like Claude Code, Codex, lazygit, or system monitors and wants to contain their access. The tool is also valuable for teams that need to enforce sandboxing policies across projects, such as platform engineering teams or security audits. It complements existing terminal emulators (iTerm2, Ghostty, Alacritty, Terminal.app) and integrates with Little Snitch for additional control.