A Podman Desktop extension that provides point-and-click management of OpenShell (LobsterTrap midstream fork) β the safe, private runtime for autonomous AI agents.
Start, stop, destroy, select, and configure OpenShell gateways directly from Podman Desktop. The gateway is the control-plane container that coordinates sandbox lifecycle and acts as the auth boundary.
- Start Gateway β Interactive form for name, port, GPU passthrough, and remote deployment
- Stop Gateway β Gracefully stop a running gateway (preserves state)
- Destroy Gateway β Permanently delete a gateway and all its state
- Select Gateway β Switch between multiple configured gateways
- Add Gateway β Register an existing gateway (local, remote mTLS, or edge-authenticated)
- Gateway Info β View detailed gateway configuration and status
Create, delete, connect to, and inspect sandboxes β isolated container environments for AI agents with policy-enforced security.
- Create Sandbox β Guided wizard: select agent (Claude, Codex, Copilot, OpenCode), choose image source (default, community, custom, local Dockerfile), attach providers, configure GPU/policy
- Delete Sandbox β Multi-select deletion with confirmation
- Connect to Sandbox β Open a terminal session to a running sandbox
- List Sandboxes β Interactive webview table with status, ID, age, and action buttons
- Sandbox Details β Inspect sandbox configuration and metadata
- Execute in Sandbox β Run commands inside a running sandbox
Create, update, delete, and inspect credential providers β named credential bundles (API keys, tokens) injected into sandboxes at runtime.
- Create Provider β Select type (Claude, OpenAI, Anthropic, GitHub, NVIDIA, etc.), choose credential source (auto-discover from environment or manual entry)
- Update Provider β Re-discover credentials or manually update key-value pairs
- Delete Provider β Multi-select deletion
- List Providers β Interactive webview table with type and action buttons
- Provider Details β Inspect provider configuration (credentials are never displayed)
Access the OpenShell TUI β a real-time terminal dashboard for monitoring gateways, sandboxes, and providers, inspired by k9s.
- Native Terminal β Launch
openshell termin your system terminal emulator (recommended for full interactivity) - Embedded Viewer β Simplified status viewer inside Podman Desktop with keyboard shortcut reference
View and stream sandbox logs with filtering and search.
- Snapshot mode β Fetch the last N log lines
- Tail mode β Stream live logs in real-time
- Filters β By source (gateway/sandbox), level (error/warn/debug), and time range
- Search β Full-text search with highlighting
- Color coding β Error (red), warn (yellow), debug (blue), trace (gray)
Comprehensive diagnostics viewer aggregating output from multiple OpenShell diagnostic commands.
- System Check (
openshell doctor check) β Validate prerequisites: container runtime installed, running, and reachable - Gateway Status (
openshell status) β Current gateway health and configuration - Gateway Logs (
openshell doctor logs) β Recent gateway container logs - Quick Check β One-click doctor check from the command palette
- Collapsible sections β Each diagnostic section can be expanded/collapsed independently
- Re-run button β Refresh all diagnostics with one click
A persistent status bar indicator showing the current gateway state:
β runningβ Gateway is active and healthyβ stoppedβ No gateway detected- Click to open the full status view
(TODO: Add screenshots once the extension is built and running)
- Podman Desktop v0.0.1+
- Podman or Docker installed and running
- OpenShell CLI installed (or the extension will offer to install it)
(Coming soon β once published to the Podman Desktop extension registry)
-
Clone this repository:
git clone https://github.com/LobsterTrap/podman-desktop-extension-openshell.git cd podman-desktop-extension-openshell -
Install dependencies and build:
npm install npm run build
-
Install in Podman Desktop:
- Open Podman Desktop β Settings β Extensions
- Click "Install a new extension from OCI Image" or drag the
.cdixfile
If you don't have openshell installed, the extension will prompt you to install it. You can also install it manually:
Binary (recommended):
curl -LsSf https://raw.githubusercontent.com/NVIDIA/OpenShell/main/install.sh | shFrom PyPI (requires uv):
uv tool install -U openshellFedora/RHEL via COPR:
sudo dnf copr enable maxamillion/openshell
sudo dnf install openshell- Start a gateway: Open the command palette (
Ctrl+Shift+P) βOpenShell: Start Gateway - Create a sandbox:
OpenShell: Create Sandboxβ Select an agent (Claude, Codex, etc.) - Monitor:
OpenShell: DiagnosticsorOpenShell: Open Terminal UI
All commands are available from the command palette (Ctrl+Shift+P / Cmd+Shift+P):
| Command | Description |
|---|---|
OpenShell: Start Gateway |
Deploy a new gateway |
OpenShell: Stop Gateway |
Stop the active gateway |
OpenShell: Destroy Gateway |
Permanently destroy a gateway |
OpenShell: Select Gateway |
Switch between gateways |
OpenShell: Gateway Info |
View gateway details |
OpenShell: Add Gateway |
Register an existing gateway |
OpenShell: Create Sandbox |
Create a new sandbox |
OpenShell: Delete Sandbox |
Delete sandbox(es) |
OpenShell: Connect to Sandbox |
Open a terminal to a sandbox |
OpenShell: List Sandboxes |
View all sandboxes |
OpenShell: Sandbox Details |
Inspect a sandbox |
OpenShell: Execute in Sandbox |
Run a command in a sandbox |
OpenShell: Create Provider |
Create a credential provider |
OpenShell: Delete Provider |
Delete provider(s) |
OpenShell: List Providers |
View all providers |
OpenShell: Provider Details |
Inspect a provider |
OpenShell: Update Provider |
Update provider credentials |
OpenShell: View Logs |
Open the log viewer |
OpenShell: Open Terminal UI |
Launch the TUI |
OpenShell: Diagnostics |
Open diagnostics panel |
OpenShell: Doctor Check |
Quick system check |
OpenShell: Show Status |
Full status overview |
Settings are available in Podman Desktop β Settings β Preferences β OpenShell:
| Setting | Default | Description |
|---|---|---|
openshell.binary.path |
(auto-detect) | Custom path to the openshell binary |
openshell.gateway.name |
openshell |
Default gateway name |
openshell.gateway.port |
8080 |
Default gateway port |
openshell.gateway.gpu |
false |
Enable NVIDIA GPU passthrough by default |
openshell.sandbox.defaultAgent |
(none) | Default agent for sandbox creation |
openshell.logs.defaultLines |
200 |
Default number of log lines to fetch |
openshell.diagnostics.autoRun |
false |
Auto-run doctor check on activation |
openshell.tui.theme |
auto |
TUI color theme (auto/dark/light) |
The extension is a thin GUI layer over the openshell CLI. All operations call extensionApi.process.exec() to invoke the binary, parse its output, and present results through Podman Desktop's UI primitives:
Extension OpenShell CLI
βββββββββββββββββββββββ βββββββββββββββ
β GatewayManager βββexecβββ β gateway β
β SandboxManager βββexecβββ β sandbox β
β ProviderManager βββexecβββ β provider β
β LogViewer βββexecβββ β logs β
β DiagnosticsViewer βββexecβββ β doctor β
β TuiTerminal βββspawnβββ β term β
β StatusBar βββexecβββ β status β
β SandboxTerminal βββssh2ββββ β ssh-proxy β
βββββββββββββββββββββββ βββββββββββββββ
β β
βΌ βΌ
Podman Desktop APIs SSH tunnel to
(provider, commands, sandbox container
webviews, process, (via HTTP CONNECT
context, statusbar, through gateway)
progress, dialogs)
The sandbox terminal uses a custom architecture for full interactive SSH
sessions: openshell ssh-proxy is spawned as a child process, its stdio
is wrapped as a Node.js Duplex stream, and the ssh2 library speaks
SSH protocol over that stream β no system SSH binary or node-pty needed.
See DESIGN.md Β§5.4 for the full connection flow.
See DESIGN.md for the full architecture documentation.
- Node.js 18+
- npm or pnpm
npm install
npm run build # Build for production
npm run watch # Build with watch mode for developmentnpm test # Run tests
npm run test:watch # Watch modesrc/
βββ extension.ts # Activation entry point β wires everything together
βββ openshell-cli.ts # Typed wrapper around the openshell binary
βββ gateway-manager.ts # Gateway CRUD + lifecycle UI
βββ sandbox-manager.ts # Sandbox CRUD + lifecycle UI
βββ sandbox-terminal.ts # Interactive SSH terminal (ssh2 + xterm.js)
βββ provider-manager.ts # Provider CRUD UI
βββ log-viewer.ts # Log streaming webview with auto-refresh
βββ diagnostics.ts # Diagnostics aggregation webview
βββ tui-terminal.ts # TUI native terminal launcher
βββ status-bar.ts # Status bar indicator with polling
βββ util.ts # Shared utilities (error handling, HTML escaping)
Contributions are welcome! Please see the OpenShell CONTRIBUTING.md for guidelines.