Loom v0.7.4 is out for macOS, Linux and Windows

Capabilities

Six agents. Nothing on trust.

Loom drives a fleet that edits files and runs commands, so the guardrails are structural: keys in the OS keychain, a secret-path deny-list, an SSRF-guarded proxy, and an authorization check on every operation.

The guardrails

Built in, not bolted on.

An app that runs six autonomous coding sessions has to assume one of them will eventually do something silly. These limits hold regardless of what any model decides.

Keychain-only keys

Provider keys are stored in the OS keychain and nowhere else. Not in config files, not in plain text, not anywhere a session could read them by accident.

Secret-path deny-list

Known secret paths are blocked for reads and writes alike, so a session can neither leak a credential nor overwrite one.

SSRF-guarded proxy

Outbound HTTP flows through a Rust proxy that guards against server-side request forgery, instead of letting requests go wherever they were told to.

Scope

Every operation checks the registry.

Autonomy is only safe inside a boundary. In Loom that boundary is explicit, enforced, and the same for you and the fleet.

Workspace authorization

Every file, git, and shell operation is checked against the registry of workspaces you authorized. Outside that list, it does not run. See workspaces.

Careful auto-accept

When auto-accept answers a Claude Code prompt, it presses only the safe affirmative. It is toggleable, and shift+tab cycles one terminal's permission mode. See permission modes.

No telemetry

No analytics, no tracking, and no account beyond your Claude login. What the fleet does on your machine stays on your machine. See privacy.

Open for inspection

None of this asks for your faith. Loom Conductor is Apache-2.0 and the entire app is public: the Tauri shell, the Rust core, and the React front end alike. You can read the proxy, read the deny-list, and read the keychain calls before you run any of them. And because the app is free with no account of its own, there is no sign-up form collecting your email and no server of ours holding your data, since there is no server of ours at all.

Hand it the work.
Walk away.

macOS, Linux, and Windows. Around 13 MB. Free and open source.