envpod · Three ways to run

Pick your tier.
Download & Install.

envpod ships in three flavors so you can pick the smallest surface that fits the work. Lite for the workstation; full CLI for your Linux servers; Premium when you need governance, policy, and fleet-scale control.

Desktop · lite $20 / user / mo · free alpha · macOS + Linux CLI · CE (free) full envpod · Linux x86_64 + arm64 CLI · Premium $399 / seat / mo · everything in CE + governance

What's in each tier

A quick snapshot. Each section below has the full story.

Desktop CLI · CE CLI · Premium
Per-project sandbox + Personal AI Shield UI
Full pod model (foundation + four walls + governance ceiling)
OverlayFS COW, namespaces + cgroups, network isolation, vault, audit
OPA/Rego policy, OIDC/SSO, vault proxy, governance scorecard, OTLP
Web dashboard + remote control + WebSocket relay + envpod publish
PlatformsmacOS · Linux x86_64/arm64Linux x86_64/arm64Linux x86_64/arm64
Price$20 / user / mo
free during alpha		Free$399 / seat / mo
Tier 1 · lite · workstation

envpod Desktop · Personal AI Shield

A single-user workstation app. Sandbox every AI tool you run on your machine — Claude Code, VS Code, Cursor, Codex CLI, Continue.dev, Jupyter, Browser. The lite feature set; the CLI tiers below add the full pod model.

v0.0.3-alpha · macOS universal + Linux x86_64 / arm64 · alpha testing
.dmg · macOS 11+ · universal
19 MB · Intel + Apple silicon
Signed + notarized + stapled universal disk image. Drag the app into /Applications; Gatekeeper-clean offline.
⤓ Download .dmg
sha256 b32a23bbf53c3cfd0b596cc3ca72fbcc025753aa8cc59ea5872ce9454b1fca82
AppImage · any Linux
82 MB · amd64
Portable single-file binary. No install. Make executable and run.
⤓ Download AppImage
sha256 ef862daaa8c9acc6dac581a53078ffb44cdee9deebc878958db8e4abca4e8efc
.deb · Ubuntu, Debian, Mint
9.0 MB · amd64
Debian package with desktop-file integration. Installs to /usr/bin/envpod-desktop.
⤓ Download .deb
sha256 88571c5bab063c67517c715f7e96bd8254773958ab7472f60ea5f081c6414e9c
.deb · Ubuntu, Debian, Mint
8.7 MB · arm64
Debian package for arm64 (Raspberry Pi 4/5, Ampere, AWS Graviton). Installs to /usr/bin/envpod-desktop.
⤓ Download .deb (arm64)
sha256 452ab5a6fce0b14b97b2d6b36a33b88ebcd80353dd740438e09d408b315b72db
.rpm · Fedora, RHEL, openSUSE
9.0 MB · x86_64
RPM package with desktop-file integration. Installs to /usr/bin/envpod-desktop.
⤓ Download .rpm
sha256 bef4891879663114d673c3f254d0703959850ed931b48a5235891a442f45d208
.rpm · Fedora, RHEL, openSUSE
8.7 MB · aarch64
RPM package for aarch64. Installs to /usr/bin/envpod-desktop.
⤓ Download .rpm (aarch64)
sha256 f9102f0a31aedf011511fa17dbd3ecce3011f85fa45fa3e4783aa478ed35c112

All six files in one list: SHA256SUMS  ·  Verify with sha256sum -c SHA256SUMS

Quick install

macOS (universal, Intel + Apple silicon):

curl -fsSL https://envpod.com/download/envpod-desktop_0.0.3-alpha_universal.dmg -o envpod-desktop.dmg
open envpod-desktop.dmg
# drag envpod-desktop.app into /Applications

AppImage (portable, no install):

curl -fsSL https://envpod.com/download/envpod-desktop_0.0.3-alpha_amd64.AppImage -o envpod-desktop.AppImage
chmod +x envpod-desktop.AppImage
./envpod-desktop.AppImage

Ubuntu / Debian (amd64):

curl -fsSL https://envpod.com/download/envpod-desktop_0.0.3-alpha_amd64.deb -o envpod-desktop.deb
sudo apt install ./envpod-desktop.deb

Ubuntu / Debian (arm64):

curl -fsSL https://envpod.com/download/envpod-desktop_0.0.3-alpha_arm64.deb -o envpod-desktop.deb
sudo apt install ./envpod-desktop.deb

Fedora / RHEL / openSUSE (x86_64):

curl -fsSL https://envpod.com/download/envpod-desktop-0.0.3-alpha-1.x86_64.rpm -o envpod-desktop.rpm
sudo dnf install ./envpod-desktop.rpm

Fedora / RHEL / openSUSE (aarch64):

curl -fsSL https://envpod.com/download/envpod-desktop-0.0.3-alpha-1.aarch64.rpm -o envpod-desktop.rpm
sudo dnf install ./envpod-desktop.rpm

Runtime requirements

  • bubblewrap 0.9.0 or newer  (apt install bubblewrap / dnf install bubblewrap)
  • Ubuntu 24.04+: unprivileged user namespaces must be allowed. If the app's preflight screen shows the apparmor_restrict_unprivileged_userns warning, run the exact sysctl it prints.
  • For VS Code / Cursor: install the .deb from Microsoft's repo (not the snap — snap-confined tools can't be sandboxed in this release).

Get a license

Alpha is free to try. The paid tier unlocks unlimited projects, Mirror (overlay) write mode, per-project firewall, and per-project vault allowlist.

Desktop
$20 / user / mo
Personal AI Shield. Every paid feature the alpha gates currently refuse.
  • Unlimited projects
  • Mirror write mode
  • Per-project firewall
  • Per-project vault allowlist
Buy Desktop →

Already have a license? Activate it in the app's Account panel under Advanced. Paid features unlock immediately on activation — same Linux binary either way.

What's in this release

  • Per-project sandbox: bubblewrap foundation, per-folder RW/RO pills, Mirror (overlay) or Direct write modes with Apply / Discard
  • Per-project firewall — exact + .suffix host blocking via the local proxy (blocks render red in the live activity stream)
  • Per-project credential vault with a named-key allowlist
  • 8 bundled tool profiles: Terminal, Claude Code, VS Code, Cursor, Codex CLI, Continue.dev, Jupyter Lab, Browser
  • Activity stream, audit counters, workspace diff, JSON audit export
  • Linux arm64 packages (Raspberry Pi 4/5, Ampere, AWS Graviton) — new in v0.0.3
  • 135 unit tests green at ship

Known limits (v0.0.3-alpha)

  • macOS universal + Linux x86_64 / arm64. Native Windows build lands in a future release.
  • Mirror-mode deletes don't propagate on Apply (additive sync only — deferred to v0.0.4).
  • No GPG-signed apt/rpm repositories yet (v0.0.5).
  • Snap-confined tools cannot be sandboxed — install .deb variants instead.
Tier 2 · full · Linux servers & fleets

envpod CLI · CE

The full envpod engine, free and open-source. Foundation (OverlayFS COW) + four walls (processor / network / memory / devices) + governance ceiling (vault, action queue, audit, monitoring agent). Run it on a laptop, a Linux box, or a fleet — same binary, no license required.

Free · open-source

One-line install

Free — BSL 1.1 (converts to AGPL-3.0 on 2030-03-07) · GitHub-hosted releases
curl -fsSL https://envpod.dev/install.sh | sh
Installs the latest CE binary from github.com/markamo/envpod-ce to /usr/local/bin/envpod. Linux x86_64 + arm64. ~9 MB stripped. Requires kernel 5.15+, cgroups v2, OverlayFS, root for namespace setup.

What CE ships

  • Full pod model — envpod init / run / diff / commit / rollback / audit / lock + 17 more subcommands
  • OverlayFS COW filesystem isolation — agent writes go to overlay; you commit, rollback, or export
  • Network namespace + per-pod DNS resolver (whitelist / blacklist / remap / monitor) with anti-tunneling
  • Cgroup v2 CPU + memory + IO limits, seccomp-BPF syscall filtering, GPU / display / audio passthrough
  • ChaCha20-Poly1305 credential vault, action staging queue, monitoring agent, multi-layer audit
  • 68 example pod configs, snapshot + clone + base-pod tooling, port forwarding, pod discovery
⤓ Releases on GitHub envpod.dev →
Tier 3 · full + governance · enterprise fleets

envpod CLI · Premium

Everything CE ships, plus the governance, policy, identity, and fleet-control surfaces a real production runs into. Same Linux engine; a separate binary that gates the premium-only modules behind license activation.

Premium · $399 / seat / mo

One-line install

$399 / seat / month · proprietary license · 24h heartbeat against activate.envpod.dev
curl -fsSL https://premium.envpod.dev/install.sh | sh
envpod license activate <YOUR_KEY>
Installs the latest Premium binary from premium.envpod.dev (Linux x86_64 + arm64). Direct tarballs at /latest/ and per-version archives at /releases/.

What Premium adds on top of CE

  • OPA / Rego policy engine — 7 enforcement points (queue, vault, commit, DNS, L7, MCP, pod-to-pod) via regorus
  • OIDC / SSO — Okta, Azure AD, Google, Keycloak — pod-aware identity with signed JWTs
  • Vault proxy — transparent HTTPS MITM with per-pod ephemeral CA; agent never sees real API keys
  • Web dashboard, remote HTTP API, WebSocket relay (relay.envpod.dev) for cross-network pod control
  • envpod publish — Cloudflare Tunnel per pod with *.envpod.cloud URLs and an auth proxy
  • Headscale mesh networking, service proxy, governance scorecard, OWASP audit, OTLP export, parallel clone, IaC
  • Plus health checks, budget enforcement, port exposure firewall, Sealed Mode — full list at premium.envpod.dev
Buy Premium → premium.envpod.dev →

Report feedback

Desktop alpha: export any project's audit bundle from its card (⤓ Export JSON) and email it with a short description of what went wrong. CLI: open issues against github.com/markamo/envpod-ce for CE bugs and feature requests, or email Premium support directly. We read everything during alpha.