The Construct is a single-binary CLI that boots a clean and isolated sandboxed container, preloaded with AI agents. It keeps your host free of dependency sprawl, adds optional network isolation, and works with Docker, Podman, or macOS native container runtime.
But, most importantly, it keeps your local machine safe from LLM prompt injection attacks, malware distributed this way, credentials stolen this way, and dangerous derps still being committed by AGENTS that can leave you without any of your files.
- One command to use any AGENT inside a secured, isolated sandbox. Agents spawn from the path where you call them, without a path escape.
- Zero Config: no complex setup. The Construct just works out of the box across macOS, Linux, and Windows (WSL).
- Auto-detection: Automatically detects and uses the best available container runtime (macOS native → Podman → Docker)
- Clean Slate: Ephemeral containers with persistent volumes for agents and packages
- Network Isolation: Optional
permissive,strict, orofflinenetwork modes with allow/block lists - SSH Agent Forwarding: Automatic detection and secure mounting of your SSH agent
- Full Clipboard Bridge: Text and image pasting support for Claude, Copilot, Gemini, Qwen, Pi, and OMP
- Agent Browser: Headless browser automation CLI for AI agents
- User-Defined Packages: Customize your sandbox with apt, brew, bun, npm, or pip packages
- Parallel Workflows: Git worktree management for parallel AI agent workflows
- Claude Code (
claude) – Full-code agent with strong editing/refactoring - Gemini CLI (
gemini) – Google Gemini models with CLI UX - Qwen Code (
qwen) – Alibaba Qwen models tuned for coding - GitHub Copilot CLI (
copilot) – GitHub Copilot with terminal helpers - Crush CLI (
crush) – Charmbracelet Crush coding agent - Pi Coding Agent (
pi) – General-purpose coding assistant - Oh My Pi (
omp) – Fork of Pi with Python/IPython and LSP support - Claude Code with other providers: Zai GLM, MiniMax M2, Kimi K2, Qwen, Mimo
- Full agent list →
# One-line installer (macOS & Linux)
curl -fsSL https://raw.githubusercontent.com/EstebanForge/construct-cli/main/scripts/install.sh | bash
# Or with Homebrew
brew install EstebanForge/tap/construct-cli# First-time setup (builds containers, installs agents)
construct sys init
# Run an agent
construct claude "Help me refactor this function"
# Use host aliases (after installation)
construct sys aliases --install
claude "Debug my API code" # Now available as short command# Strict network isolation (allowlist only)
construct claude -ct-n strict "Review my code"
# Offline run (no network)
construct gemini --ct-network offline "Explain this code"
# Update all agents
construct sys update
# Install custom packages
construct sys packages --install
# Edit configuration
construct sys config
# System health check
construct sys doctor| Topic | Description |
|---|---|
| Installation | Platform-specific installation, troubleshooting |
| Configuration | Complete config reference for all settings |
| Security | Container security, secret redaction, best practices |
| Topic | Description |
|---|---|
| Hide Secrets Mode | Prevent agents from seeing raw secrets (experimental) |
| Providers | Configure custom Claude API endpoints |
| Packages | User-defined package management |
| Architecture | Technical design and internals |
| Topic | Description |
|---|---|
| Agents | Complete list of supported agents |
| Clipboard | Clipboard bridge architecture |
| Development | Contributing and development guide |
| Contributing | Contribution guidelines |
# System commands
construct sys init # First-time setup
construct sys doctor # Health check
construct sys config # Edit configuration
construct sys update # Update agents
construct sys reset # Reset everything
# Agent commands
construct <agent> # Run an agent (e.g., construct claude, construct gemini)
construct sys aliases # Manage host aliases
construct sys agents-md # Manage AGENTS.md rules
# Development
construct sys rebuild # Rebuild containers
construct sys config --migrate # Migrate configuration
construct --help # Show all commandsBuilt-in protections:
- ✅ Container isolation (agents cannot escape project directory)
- ✅ Network isolation (permissive/strict/offline modes)
- ✅ Ephemeral containers (clean slate every run)
- ✅ No path escape (agents stay in project root)
- ✅ Secret redaction (experimental) - see docs
Build integrity:
- ✅ Automated CI/CD builds via GitHub Actions
- ✅ Reproducible builds traceable to source commits
- ✅ SHA256 checksums for release verification
Contributions are welcome! Please see:
MIT License - see LICENSE for details
Built with:
- ❤️ for the AI agent community
- 🐳 Docker/Podman container runtimes
- 🍎 Apple native container runtime (macOS 14+)
- 🔧 All the amazing AI agent developers
Documentation: docs/ | Issues: GitHub Issues | Releases: GitHub Releases