Kuse Cowork: Open-Source Desktop AI Agent Built in Rust with Docker Isolation

By Prahlad Menon · 7 min read

Anthropic released Claude Cowork in early 2026 — a research preview that lets Claude act as a persistent desktop agent, working on long-running tasks with access to your local files, browser, and tools. It is impressive, but it requires Claude, it requires Anthropic’s servers, and it is not open source.

Kuse Cowork is the open-source answer. Same concept: a desktop agent that takes a task, plans it, uses tools to execute it, and returns results. Different choices: any LLM, your own API keys, local models supported, agent loop written in Rust, Docker isolation for all command execution, and a ~10MB app binary via Tauri.

It was built by Kuse, a company focused on AI document generation. Whether or not you use their commercial product, the open-source agent is genuinely worth understanding.

What It Actually Does

The pitch is straightforward: describe a task in plain English, point it at a folder, and the agent works through it autonomously.

Example tasks from the repo:

  • “Read all the receipts and make an expense report” — it reads every PDF/image, extracts line items, and outputs a formatted Excel file
  • “Summarize the meeting notes and give me all the TODOs” — reads transcripts, extracts action items, structures output
  • “Organize my folders” — scans directory structure, proposes and executes a reorganization

This is the same category of work as Claude Cowork or OpenAI’s Operator — long-horizon agentic tasks on local files — but running entirely on your machine with your choice of model.

The Technical Stack

The architecture is notably opinionated, and the choices are worth understanding:

Frontend: SolidJS + TypeScript. Not React: SolidJS compiles to real DOM operations with no virtual-DOM overhead, making it faster and smaller. For a desktop app where bundle size matters, this is the right call.

Backend: Rust + Tauri 2.0. The entire agent loop, tool executor, LLM client, Docker management, and MCP protocol handler are written in Rust. This means the app binary is ~10MB and startup is near-instant. The async runtime is Tokio. Local state lives in SQLite via a straightforward schema (conversations, messages, settings).
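
The README does not spell out the schema, but a minimal rusqlite sketch of the local state described above could look like the following. Table and column names are illustrative assumptions, not the project's actual schema.

// Hypothetical sketch of the local SQLite state (conversations, messages,
// settings). Table and column names are assumptions for illustration.
use rusqlite::{Connection, Result};

fn init_db(path: &str) -> Result<Connection> {
    let conn = Connection::open(path)?;
    conn.execute_batch(
        "CREATE TABLE IF NOT EXISTS conversations (
             id         INTEGER PRIMARY KEY,
             title      TEXT NOT NULL,
             created_at TEXT NOT NULL
         );
         CREATE TABLE IF NOT EXISTS messages (
             id              INTEGER PRIMARY KEY,
             conversation_id INTEGER NOT NULL REFERENCES conversations(id),
             role            TEXT NOT NULL,
             content         TEXT NOT NULL
         );
         CREATE TABLE IF NOT EXISTS settings (
             key   TEXT PRIMARY KEY,
             value TEXT NOT NULL
         );",
    )?;
    Ok(conn)
}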

IPC: Tauri invoke/events. Frontend and backend communicate via Tauri's typed IPC: the frontend calls invoke() to trigger Rust commands, and the backend emits streaming events back (chat-stream, agent-event) that the UI subscribes to. The effect is SSE-style streaming semantics over Tauri's local IPC channel rather than HTTP.
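
In Tauri 2 terms, that pattern is a #[tauri::command] the frontend invokes, plus events emitted back on named channels. A minimal sketch: the command name and payload are assumptions, and only the chat-stream event name comes from the repo.

// Minimal Tauri 2 sketch of the invoke/event pattern described above.
// `send_message` and its payload are illustrative; only the event name
// `chat-stream` is from the article.
use tauri::{AppHandle, Emitter};

#[tauri::command]
async fn send_message(app: AppHandle, prompt: String) -> Result<(), String> {
    // In the real app this would drive the agent loop; here we just
    // stream a couple of chunks to whatever subscribed to `chat-stream`.
    for chunk in ["Working on: ", &prompt] {
        app.emit("chat-stream", chunk).map_err(|e| e.to_string())?;
    }
    Ok(())
}

On the SolidJS side, this pairs with invoke("send_message", { prompt }) and listen("chat-stream", handler) from @tauri-apps/api.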

Tool execution: Docker containers. Every shell command the agent runs executes inside a Docker container, completely isolated from the host. The Bollard crate handles Docker API calls from Rust. This is a real architectural commitment: it means you need Docker Desktop running, but it also means the agent cannot accidentally delete your system files even if the LLM hallucinates a destructive command.
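
Bollard is a thin async wrapper over the Docker Engine API, so the pattern is create, start, wait, read logs, remove. A rough sketch against bollard's classic container API; the image, container naming, and error handling are simplified assumptions, not the project's actual code:

// Sketch of isolated command execution via bollard. Image choice and
// container naming are illustrative assumptions.
use bollard::container::{
    Config, CreateContainerOptions, LogsOptions, StartContainerOptions,
    WaitContainerOptions,
};
use bollard::Docker;
use futures_util::StreamExt;

async fn run_sandboxed(cmd: &str) -> Result<String, bollard::errors::Error> {
    let docker = Docker::connect_with_local_defaults()?;
    let name = "kuse-sandbox";
    docker
        .create_container(
            Some(CreateContainerOptions { name, ..Default::default() }),
            Config {
                image: Some("debian:stable-slim"),
                cmd: Some(vec!["sh", "-c", cmd]),
                ..Default::default()
            },
        )
        .await?;
    docker
        .start_container(name, None::<StartContainerOptions<String>>)
        .await?;
    // Block until the command exits (exit status ignored for brevity).
    let _ = docker
        .wait_container(name, None::<WaitContainerOptions<String>>)
        .collect::<Vec<_>>()
        .await;
    // Collect stdout/stderr, then clean up the container.
    let mut out = String::new();
    let mut logs = docker.logs::<String>(
        name,
        Some(LogsOptions { stdout: true, stderr: true, ..Default::default() }),
    );
    while let Some(Ok(chunk)) = logs.next().await {
        out.push_str(&chunk.to_string());
    }
    docker.remove_container(name, None).await?;
    Ok(out)
}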

The Agent Loop

The core loop lives in agent_loop.rs (a condensed sketch follows the numbered steps):

  1. Receive task description and project path from user
  2. Send to LLM with available tools listed in the system prompt
  3. Parse LLM response for tool calls
  4. Execute tool calls (file read/write/edit, bash, grep, glob, directory listing) — in Docker
  5. Return tool results to LLM
  6. Repeat until LLM returns a final answer with no tool calls
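
A heavily condensed sketch of that shape; every type and helper here is an illustrative stand-in, not the actual contents of agent_loop.rs:

// Condensed sketch of the six steps above. All names are illustrative
// stand-ins for the real definitions in agent_loop.rs.
struct ToolCall { name: String, args: serde_json::Value }
enum LlmReply { Final(String), ToolCalls(Vec<ToolCall>) }
struct Message { role: &'static str, content: String }

async fn run_agent(task: &str) -> anyhow::Result<String> {
    let mut history = vec![
        Message { role: "system", content: system_prompt_with_tools() }, // step 2
        Message { role: "user", content: task.to_string() },             // step 1
    ];
    loop {
        match call_llm(&history).await? {                 // steps 2-3
            LlmReply::Final(answer) => return Ok(answer), // step 6
            LlmReply::ToolCalls(calls) => {
                for call in calls {
                    let output = run_in_docker(&call).await?; // step 4
                    history.push(Message {                    // step 5
                        role: "tool",
                        content: format!("{} -> {}", call.name, output),
                    });
                }
            }
        }
    }
}

// Stubs so the sketch stands alone; the real implementations live elsewhere.
fn system_prompt_with_tools() -> String { "tools: bash, file_read, ...".into() }
async fn call_llm(_h: &[Message]) -> anyhow::Result<LlmReply> { unimplemented!() }
async fn run_in_docker(_c: &ToolCall) -> anyhow::Result<String> { unimplemented!() }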

The built-in tools are deliberately minimal:

  • bash — execute shell commands (in Docker)
  • file_read, file_write, file_edit — file operations
  • glob — file pattern matching
  • grep — content search
  • list_dir — directory listing

This is enough to handle most document-processing and file-organization tasks. For anything more complex, you extend via Skills or MCP.
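
One natural way to model that surface in Rust is a tagged enum the executor deserializes tool calls into. The tool names below are the real ones; the {"tool": ...} JSON shape and parameter names are assumptions, not the project's wire format:

// Sketch: the built-in tools as a serde-tagged enum. The JSON shape
// ({"tool": "...", ...}) is an assumption, not Kuse Cowork's actual format.
use serde::Deserialize;

#[derive(Deserialize)]
#[serde(tag = "tool", rename_all = "snake_case")]
enum BuiltinTool {
    Bash { command: String },                            // runs inside Docker
    FileRead { path: String },
    FileWrite { path: String, content: String },
    FileEdit { path: String, old: String, new: String },
    Glob { pattern: String },
    Grep { pattern: String, path: String },
    ListDir { path: String },
}

// e.g. serde_json::from_str::<BuiltinTool>(
//     r#"{"tool":"grep","pattern":"TODO","path":"notes/"}"#)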

Skills and MCP

Skills are built-in capability extensions for document formats. The defaults are docx, pdf, pptx, xlsx — the agent can read and write real Office files, not just plain text. This matters: “generate an expense report” produces an actual .xlsx with formulas, not a CSV.

MCP (Model Context Protocol) support opens the agent to any external tool server. MCP is an emerging standard (pushed by Anthropic, adopted broadly) that lets LLMs call tools via a standardized JSON-RPC protocol. Kuse Cowork can connect to any MCP server — browse GitHub, run database queries, fetch web pages — without any agent-specific integration code.

The MCP client in Rust supports both HTTP transport and stdio (subprocess) transport, covering the two main MCP server patterns.
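
Under the hood, an MCP tool call is plain JSON-RPC 2.0. A sketch of the tools/call request a client sends; the envelope follows the MCP spec, while the tool name and arguments are made up:

// JSON-RPC 2.0 envelope for an MCP tools/call, per the MCP spec.
// The tool name and arguments are hypothetical.
use serde_json::{json, Value};

fn mcp_tools_call(id: u64) -> Value {
    json!({
        "jsonrpc": "2.0",
        "id": id,
        "method": "tools/call",
        "params": {
            "name": "fetch_page",                   // hypothetical server tool
            "arguments": { "url": "https://example.com" }
        }
    })
}

Over stdio transport this is written to the server subprocess's stdin as newline-delimited JSON; over HTTP it is POSTed to the server's endpoint.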

Model Support

This is the key practical advantage over Claude Cowork: any model works.

  • Anthropic Claude — direct API, any Claude model
  • OpenAI GPT — full support
  • Local models — Ollama, LM Studio, or any OpenAI-compatible endpoint
  • Custom APIs — configure any endpoint that speaks the OpenAI chat completions format (see the sketch after this list)
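
"OpenAI-compatible" concretely means POSTing to {base_url}/chat/completions. A minimal reqwest sketch against a configurable base URL; the model name is a placeholder:

// Minimal chat-completions call against any OpenAI-compatible base URL
// (e.g. Ollama's http://localhost:11434/v1). Model name is a placeholder.
use serde_json::{json, Value};

async fn chat(base_url: &str, api_key: &str, prompt: &str) -> Result<Value, reqwest::Error> {
    reqwest::Client::new()
        .post(format!("{base_url}/chat/completions"))
        .bearer_auth(api_key)
        .json(&json!({
            "model": "llama3",  // placeholder; use whatever the endpoint serves
            "messages": [{ "role": "user", "content": prompt }]
        }))
        .send()
        .await?
        .json()
        .await
}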

API keys are stored locally in SQLite and never sent anywhere except the provider you configure. No telemetry, no usage data to Kuse’s servers.

For privacy-sensitive use cases — processing legal documents, medical records, financial data — the combination of local model + Docker isolation + no telemetry is meaningfully better than any cloud-first agent.

What It Does Not Do (Yet)

This is an early-stage project (v0.0.2 at the time of writing). A few gaps worth noting:

No computer use / browser control. Claude Cowork can control a web browser. Kuse Cowork cannot — it operates on files, not the screen. The roadmap mentions this but it is not there yet.

No long-term memory. Each task starts fresh. Conversation history is stored in SQLite but there is no RAG or embedding layer for semantic recall across sessions.

Setup is manual. There is no packaged installer yet — you clone the repo and run npm run tauri build. The roadmap mentions “one-click installation” as a near-term goal.

Docker required for full isolation. Without Docker Desktop running, commands execute without sandboxing. For local-model users on constrained hardware, running Docker alongside an LLM server adds overhead.

The Honest Comparison to Claude Cowork

Claude Cowork has better task performance for complex reasoning: Claude is a state-of-the-art model, and Anthropic has tuned the agent loop specifically for it. Kuse Cowork running Claude via API is a fair comparison; running a local 7B model is not.

What Kuse Cowork offers that Claude Cowork cannot:

  • True local-first operation (local models, no data leaving your machine)
  • Open-source and auditable
  • Runs on Linux (Claude Cowork is Mac-only for now)
  • Docker isolation as a hard security boundary
  • MCP extensibility without waiting for Anthropic to add integrations

For teams handling sensitive data or operating in air-gapped environments, the local-first story is not a nice-to-have — it is the only viable option.

Getting Started

Requirements: Node.js 18+, Rust (via rustup), Docker Desktop, Tauri prerequisites.

git clone https://github.com/kuse-ai/kuse_cowork.git
cd kuse_cowork
npm install
npm run tauri dev

Open Settings, add your API key (or configure Ollama endpoint), select a project folder, describe a task. That is it.

The repo is MIT licensed. The community Discord is active. It is early but it is real software.

FAQ

Is this safe to run on sensitive files? With Docker enabled, all command execution is isolated in containers. File access is scoped to the project folder you select. API keys go only to your configured provider. No telemetry leaves the app. That said, review any agent output before treating it as final — the agent loop can make mistakes.

Does it work with Ollama / local models? Yes. Configure any OpenAI-compatible endpoint in Settings. Point it at http://localhost:11434/v1 for Ollama. Task performance will depend heavily on the model — a capable 13B+ model is recommended for multi-step file tasks.

How does it compare to Open Interpreter? Open Interpreter is Python-based and focuses on code execution and general computer control. Kuse Cowork focuses specifically on document and file tasks, with native Office format support as a first-class feature. Kuse is also notably lighter (a ~10MB binary versus a full Python environment) and has tighter Docker isolation.

What is the MCP support like in practice? Full HTTP and stdio transport are supported. You configure MCP servers in the Settings UI, and the agent automatically discovers and can call their tools. Any MCP-compatible server works without code changes to the agent.

Will it get computer use / browser control? The roadmap mentions it but gives no timeline. The architecture (Tauri + Rust backend) is well-suited for it — integrating with a browser automation library from Rust is tractable. Watch the repo.