The design is about isolation for cooperation. Biological cells are exactly that: membrane-bounded units with selective permeability that compose into organisms.
A biological cell is a membrane-bounded unit with selective permeability — it controls what passes in and out, not to restrict, but so that the cell can do its work without interference. Cells compose into tissues, tissues into organs, organs into organisms. The membrane is what makes cooperation possible. Without it, everything bleeds together and nothing works.
Cellblock applies this principle to software agents. Each agent runs inside a cell — an isolated environment with a controlled view of the filesystem, the network, and the tools available to it. Cells can be local (a Docker container on your laptop) or remote (a machine on Fly.io). The interface is the same. Cells communicate through messages, not shared state. They can crash and restart. They are supervised.
Alan Kay saw this decades ago: computation as biology, not machinery. Objects as cells passing messages through membranes, not data structures exposing their internals. The internet as a living system, not a switchboard. We think agent computing is arriving at the same insight — and the same architecture.
Like the OSI network model, agent tooling separates into layers with defined interfaces:
| Tier | Layer | Examples |
|---|---|---|
| 0 | Infrastructure | Docker, Fly, Firecracker |
| 1 | Isolation | cellblock (this project) |
| 2 | Worktree/Terminal | workmux, tmux |
| 3 | Orchestration | vibe-kanban, claude-flow |
| 4 | UI | LiveView, web dashboard |
Each tier provides services to the tier above. Swap any layer without affecting others. Cellblock focuses on Tier 1 — container isolation with a clean interface so higher tiers can use it without coupling to Docker internals.
Go CLI (single binary). Docker backend with nix overlays for copy-on-write isolation. Per-project sandboxes via config.
# Build the container image
cellblock image build
# Initialize shared Linux nix store (one-time)
cellblock nix init
# Open a shell in a container for the current project
cellblock shell
# Run an agent
cellblock run claude-code# Add to ~/.zshrc or ~/.bashrc:
complete -C cellblock -o nospace cellblockHomebrew (macOS/Linux):
brew install ijcd/tap/cellblockFrom source:
go install github.com/ijcd/cellblock/cmd/cellblock@latestNix:
nix run github:ijcd/cellblockReleases: Download binaries from GitHub Releases
~/.config/cellblock/config.yaml:
defaults:
image: cellblock:latest
ssh_agent: true
nix_provider: linux-volume
network: bridge
claude_config: ~/.claude
projects:
treehouse:
path: ~/work/treehouse
env: [MIX_ENV=dev]cellblock is designed to complement workmux, not replace it.
# .workmux.yaml (in your project root)
agent: cellblock run claude-codeworkmux manages worktrees + tmux. cellblock sandboxes the agent command. One line integration.
- Architecture — tool tiers model
- Data Model — entities, relationships, design principles
| # | Plan | Tier | Status |
|---|---|---|---|
| 001 | Phase 1 | 1 | ✅ Done |
| 002 | Watchdog | 1 | 📋 Aspirational |
| 004 | Remote Isolators | 1 | 📋 Designed |
| 005 | Go Rewrite | 1 | ✅ Done |
| 006 | Landscape + workmux | - | 📋 Research |