An intelligent shell for humans and AI agents
Features Β· Install Β· Quick Start Β· Configuration Β· Agent Mode Β· Contributing
OmniShell is a modern, secure, and intelligent shell built in pure Rust. It powers three very different use cases with a single binary:
- π§ Kids mode β a safe, sandboxed playground for children learning Linux
- π€ Agent mode β structured JSON I/O for AI agents and automation pipelines
- β‘ Admin mode β a full-power POSIX shell for experienced users
For parents and educators: Give kids a real terminal experience without the risk. Kids mode uses a strict allowlist β only safe commands like ls, cat, echo, cowsay β with a built-in AI tutor that explains commands in age-appropriate language.
For AI/ML engineers: OmniShell's agent mode speaks JSON. Every command returns a structured envelope with exit code, stdout, stderr, and timing. Pipe commands together, check results programmatically, and let your AI agents operate a real shell safely behind a blocklist that prevents sudo, rm -rf /, and other destructive operations.
For system administrators: Admin mode is a full POSIX shell with pipes, redirections, if/while/for/case, command substitution, arithmetic, functions, and tab completion β backed by a modern Rust implementation with no C dependencies.
Full POSIX shell scripting that works the way you expect:
# Pipes
echo hello | tr a-z A-Z
# Variables and substitution
name=$(whoami)
echo "Hello, $name"
# Conditionals
if [ -f /etc/hostname ]; then
echo "Hostname file exists"
fi
# Loops
for file in *.txt; do
echo "Found: $file"
done
# Arithmetic
echo "Total: $((count + 1))"
# Functions
greet() { echo "Hello, $1!"; }
greet world
# Case with glob patterns
case $ext in
*.txt) echo "Text file" ;;
*.rs) echo "Rust source" ;;
esac| Mode | Strategy | Enforced By |
|---|---|---|
| Kids | Strict allowlist | Only explicitly permitted commands run |
| Agent | Blocklist | sudo, rm -rf /, and dangerous flags are blocked |
| Admin | No restrictions | Full access |
Every command passes through the ACL engine before execution β in both interactive and non-interactive mode.
Built-in AI assistant accessible from the prompt:
admin$ ? how do I find large files
Each mode gets a different AI personality:
- Kids: Patient, encouraging tutor with age-appropriate explanations
- Agent: Precise, structured responses optimized for programmatic use
- Admin: Concise, technical answers
Works with OpenAI, Anthropic, Ollama, or any OpenAI-compatible API. See Configuration.
Kids mode runs commands in an isolated Linux namespace sandbox:
- Separate mount namespace (read-only system dirs)
- Separate PID namespace (process limits)
- Separate network namespace (network disabled)
- File size and process count resource limits
Note: Sandboxing currently works on Linux only. macOS and Windows support is planned.
Every command execution is logged with:
- Timestamp, command, exit code
- ACL verdict (allowed/denied)
- Working directory, duration
- Mode at time of execution
Logs are stored per-mode in JSONL format under $XDG_DATA_DIR/omnishell/audit/.
Each mode maintains its own command history file:
~/.local/share/omnishell/history_kids.jsonl~/.local/share/omnishell/history_agent.jsonl~/.local/share/omnishell/history_admin.jsonl
History entries include command, timestamp, exit code, and working directory.
git clone https://github.com/vincents-ai/omnishell.git
cd omnishell
nix develop --command bash -c "cargo build --release"
./target/release/omnishell- Linux (macOS/Windows planned)
- Nix (for reproducible builds)
- Rust 1.70+ (via Nix devShell)
# Interactive shell (default: admin mode)
omnishell
# Kids mode (safe for children)
omnishell --mode kids
# Agent mode (for AI pipelines)
omnishell --mode agent
# Run a single command
omnishell -c "echo hello | tr a-z A-Z"
# With a specific profile
omnishell --profile kids
# Disable AI features
omnishell --no-llm| Command | Description |
|---|---|
? / ai <prompt> |
Ask the AI assistant |
help |
Show available commands |
mode |
Show current mode |
mode kids |
Switch to kids mode |
snapshots |
List command snapshots |
undo / redo |
Undo/redo last command |
exit |
Exit the shell |
OmniShell loads config from (later overrides earlier):
/etc/omnishell/config.tomlβ system-wide defaults~/.config/omnishell/config.tomlβ user overrides--config pathβ CLI override
Both TOML and JSON are supported.
default_profile = "kids"
[llm]
provider = "ollama"
model = "llama3"
api_base = "http://localhost:11434"
temperature = 0.3
max_tokens = 256
[profile.kids]
mode = "kids"
username = "child"
display_name = "Kids Mode"
age = 7
[profile.agent]
mode = "agent"
[profile.admin]
mode = "admin"default_profile = "agent"
[llm]
provider = "openai"
model = "gpt-4o"
api_key = "" # Prefer OMNISHELL_LLM_API_KEY env var
[profile.agent]
mode = "agent"See docs/configuration.md for the full reference and docs/examples/ for more configs.
Agent mode is designed for AI agents and automation:
Input: Standard POSIX shell syntax.
Output: JSON envelope on stderr:
{"type":"error","command":"ls","stdout":"","stderr":"...","exitCode":0,"durationMs":42}Error handling: Blocked commands return exit code 126 with a structured message.
Non-interactive usage:
omnishell --mode agent -c "cargo build 2>&1"
echo $? # exit codeuse omnishell::{OmniShellConfig, AclEngine, Mode, Verdict};
let acl = AclEngine::new(Mode::Agent);
match acl.evaluate("sudo rm -rf /") {
Verdict::Deny(reason) => println!("Blocked: {}", reason),
Verdict::Allow => println!("Allowed"),
}omnishell binary
βββ OmniShellLang (POSIX shell evaluator)
β βββ Pipes, if/while/for/case, &&, ||
β βββ $(cmd) and $((expr)) expansion
β βββ break/continue, test/[ builtin
β βββ Function definitions
β βββ ACL enforcement per-mode
βββ shrs (readline, prompt, keybindings)
βββ CompletionEngine (mode-aware tab completion)
βββ History (mode-separated JSONL persistence)
βββ SnapshotEngine (git-based undo via gitoxide)
βββ AuditLogger (JSONL audit trail)
βββ Sandbox (Linux namespace isolation)
βββ LLM Integration (OpenAI/Anthropic/Ollama/Custom)
| Platform | Shell | ACL | LLM | Sandbox |
|---|---|---|---|---|
| Linux | β | β | β | β |
| macOS | β | β | β | π Planned |
| Windows | π | β | β | π Planned |
OmniShell is dual-licensed under AGPL-3.0-or-later or a commercial license from Vincent Palmer. See the LICENSE file for details.
Built with β€οΈ by vincents-ai using shrs, gitoxide, and pure Rust.