Hand off computer tasks to an AI coworker β watch it work, approve from anywhere.
An open-source, cross-platform agentic coworker that sees a screen and acts on it β your own desktop, a cloud VM, or a browser. It streams every step live, s for your approval, and keeps spend visible and capped.
Runs on the Coasty Computer Use API out of the box β or bring your own LLM (OpenRouter Β· OpenAI Β· a local model). Your call.
Quickstart Β·
Β·
Bring your own LLMΒ·
Automate your PCΒ·
FeaturesHow it worksΒ·
Docs
Prereqs:Node β₯ 22.5 (we use 24) Β· pnpm 10 (corepack enable
).
git clone https://github.com/coasty-ai/open-cowork.git && cd open-cowork
pnpm install # one install for the whole monorepo
pnpm desktop # β runs the desktop app: starts backend + web, opens the window
That's it β one command, zero config. pnpm desktop
starts the backend and web UI, then opens the desktop app (the build that can drive your own screen). With no key set it runs in demo mode: a bundled mock server and a throwaway sandbox key β no account, no network, no billing.
Then, in the window:
- Sign in with any email.
- On
Delegate, pick**βThis computer (local screen).β** - Type a task β confirm the cost β watch it work.
(Tip: put
NEEDS_HUMAN
in a task to see the approval flow and resume.)
π§
Bring your own LLM (BYOK).Want it to run onyourmodel instead of Coasty? OpenSettings β Model providerand add OpenRouter, OpenAI, or a local model (Ollama / LM Studio). Coasty stays the default until you switch.[Jump to BYOK β]
β οΈ Local control moves yourrealmouse and keyboard. Stop withCancel(or close the window), and start small β full safety notes in.[RUN_LOCALLY.md]
| Goal | How | Model | Cost |
|---|---|---|---|
| Automate your own PC | |||
pnpm desktop |
|||
| Coasty or your own LLM | |||
| demo $0 Β· BYOK = your provider's rate | |||
| Web app only | |||
pnpm dev β |
|||
| Coasty | $0 | ||
| Your Coasty account | |||
add COASTY_API_KEY to .env |
|||
| Coasty (real model) | sandbox key = $0 | ||
| Bring your own LLM (BYOK) | |||
| Settings β Model provider | |||
| OpenRouter Β· OpenAI Β· Ollama | your provider's rate Β· local = $0 |
The only thing you ever have to set is COASTY_API_KEY
β and even that's optional in demo mode. Everything else has a working default. Prefer your own model? That's BYOK β pick a provider in Settings and local runs use it. Full local-automation guide: ** RUN_LOCALLY.md**.
Using your own Coasty account, webhooks & the cost warning
echo "COASTY_API_KEY=sk-coasty-test-β¦" > .env # sandbox key β never bills
pnpm dev # now talks to the real Coasty API
With a key set, pnpm dev
does not start the mock and points the backend at
the real Coasty API. Start with a sandbox key (sk-coasty-test-β¦
) β it exercises the full real model and never bills. Switch to a live key only when you're ready to spend.
Webhooks (instant status without polling) require an https
COWORK_PUBLIC_URL
β Coasty only accepts HTTPS webhook URLs. open-cowork
detects this: over a non-https URL it simply doesn't register a webhook (so run
creation never fails) and state still syncs live via SSE + read-time reconcile.
Set an https COWORK_PUBLIC_URL
(a tunnel or your deployment β see DEPLOYMENT.md) to turn webhooks on.
β
Cost warning.With alivekey (sk-coasty-live-β¦
): runs bill$0.05/step, machines$0.05β0.09/hourrunning ($0.01 stopped), predict/session calls a few cents each. open-cowork always shows an estimate, requires explicit confirmation, enforces per-run budget caps server-side, and supports machine auto-terminate TTLs β but a live key is real money. All automated tests use the mock/sandbox path and never spend anything.
pnpm desktop # full stack + the desktop app (local screen control) β one command
pnpm dev # full stack, open the web app yourself at :5173
pnpm dev --no-web # API only (mock + backend)
pnpm dev:mobile # Expo / React Native (or: pnpm --filter @open-cowork/mobile web)
Run the Electron app against an already-running stack (advanced) #
With pnpm dev
already running in another terminal:
pnpm dev:desktop # builds the Electron bundles and opens the window only
pnpm desktop
does both for you β start the stack and open the window β and shuts it all down when you close the window.
- π¬ Delegate in chatβ"rename these files and email the report"β and watch the agent execute it step by step with a live screen view. - π§ Bring your own LLM (BYOK)β run local screen control onyourmodel: OpenRouter, OpenAI, or a local model (Ollama / LM Studio / vLLM). Coasty is just the default.Details β - πΊ Supervise runsβ dashboard, durable event timeline (SSE with replay), cancel / resume / human-takeover from web, desktop, or phone. - π Build workflowsβ a versioned JSON DSL (task Β· assert Β· if Β· loop Β· parallel Β· retry Β· human_approval) with instant validation, cost estimates, and hard server-side budget caps. - π₯οΈ Manage machinesβ provision Coasty cloud VMs, snapshot, stop, terminate, with live cost rates at every step. - π± Stay in the loop across devicesβ start a run on your laptop; when it s for approval, the banner pops on your phone. Approve there. - πΈ See cost at all timesβ wallet balance, per-run worst-case estimates, and an explicitconfirm-the-costhandshake before anything billable starts.
| Capability | π₯οΈ Desktop | π Web | π± Mobile |
|---|---|---|---|
| Local screen control | β first-class | β cloud machine | β cloud machine |
| Cloud-machine control + live view | β | β | β |
| Task chat + run dashboard | β | β | β |
| Workflow builder | β full | β full | view + approve |
| Approvals / human takeover | β | β | β |
| Cost / wallet view | β | β | β |
Bring your own key, bring your own model. Local screen control defaults to Coasty's computer-use model β but you can point it at any OpenAI-dialect LLM instead. In the desktop app, open Settings β Model provider, pick a provider, choose a vision-capable model, and local runs use it. Coasty stays the default; switch back any time with one click. Nothing else in the app changes.
| Provider | API key | Covers |
|---|---|---|
| OpenRouter | ||
| required | hundreds of models; vision read from OpenRouter's own modality metadata | |
| OpenAI | ||
| required | gpt-4o , gpt-4.1 , β¦ |
|
| OpenAI-compatible | ||
| optional | Ollama, LM Studio, vLLM, Together, Groq β any β¦/v1 base URL |
- ποΈ
Vision is required. Computer use is screenshot-driven, so a model that can't see images is flagged andblocked with a clear message β never a blind, wasted run. - π
Local-first. A local model (e.g. Ollama at
http://localhost:11434/v1
) runs entirely on your machine β no key, no cloud, no spend. - π
Your key stays yours. BYO keys are encrypted with yourOS keychain(ElectronsafeStorage
β DPAPI / Keychain / libsecret), live only in the desktop process, are scrubbed from every error message, andnever reach the web or mobile bundle. - π No surprise data egress. With a third-party model, your screenshots and prompts go to that provider β the app says so right in the confirm-the-cost dialog before a run starts. - βοΈ Cloud-machine runs always use Coasty. BYO drives local (desktop) runs today; cloud BYO is a documented follow-up.
Built on the
[Vercel AI SDK]: rate-limit (429) and transient errors retry with backoff, and if a model ignores structured output the response is recovered with a defensive JSON parse β so even smaller local models can drive the loop.
You βββΊ open-cowork backend βββΊ Coasty API βββΊ a screen the agent drives
β (the ONLY place ββ your own desktop (desktop app)
β the API key lives) ββ a Coasty cloud VM (any client)
ββββΊ web / desktop / mobile ββ a browser page (Playwright)
live events, approvals, costs
One shared agent loop (screenshot β predict β act β repeat) drives any
screen through a single Executor
interface β LocalExecutor
(your desktop),
RemoteMachineExecutor
(a cloud VM), or BrowserExecutor
. The predict step
is its own seam (@open-cowork/llm
): Coasty is the default implementation, and a bring your own LLM is just another one behind the same contract, so the loop, executors, and UI don't care which is behind it. Clients never hold the Coasty key: they talk to the backend with short-lived session tokens, and the backend proxies to Coasty, verifies HMAC-signed webhooks, persists runs, and fans events out over SSE. Full design in ** ARCHITECTURE.md**.
COASTY_API_KEY
exists only in the backend's environment. Browsers,
Electron renderers, and the mobile app authenticate with short-lived session
tokens and never see the key β enforced by tests that scan every client bundle
and a runtime E2E assertion that watches every browser request for secret
material. Bring-your-own-LLM keys follow the same rule: encrypted with the OS
keychain (safeStorage
), held only in the desktop process, scrubbed from every error, and kept out of the web/mobile bundles (the AI SDK is desktop-only). Coasty webhooks are verified with per-run HMAC secrets (constant-time compare, Β±5-minute replay window) before they can touch any state. Threat notes in ** SECURITY.md**.
| Guide | What's inside |
|---|---|
| Automate your own PC with the desktop app β step by step | |
SECURITY.mdDEPLOYMENT.mdCOOKBOOK.mdDECISIONS.mdΒ·CONTRIBUTING.mdΒ·SUMMARY.md
packages/core Coasty client, agent loop, workflow DSL, cost estimator, HMAC β isomorphic, zero deps
packages/executor Executor abstraction: LocalExecutor (native), RemoteMachineExecutor (VM), BrowserExecutor
packages/llm BYO LLM provider seam: Coasty + OpenAI/OpenRouter/Ollama via the Vercel AI SDK (desktop-only)
packages/ui Shared React design system + domain components
apps/backend Fastify: auth, Coasty proxy (sole key holder), webhooks, SQLite, SSE fan-out, budgets
apps/web Vite + React SPA (also hosted by the desktop shell)
apps/desktop Electron shell + LocalRunManager (local screen control)
apps/mobile Expo / React Native companion (monitor + approve)
tools/mock-coasty Full offline mock of the Coasty API (REST + SSE + signed webhooks)
e2e Playwright end-to-end flows (web + desktop)
| Command | What |
|---|---|
pnpm dev |
|
mock + backend + web, wired together (--no-web for API only) |
|
pnpm doctor |
|
| preflight: Node, deps, key shape | |
pnpm test |
|
| every unit + integration suite (offline, no spend) | |
pnpm typecheck Β· pnpm lint Β· pnpm format |
|
| strict static checks | |
pnpm e2e |
|
| Playwright: web + desktop journeys vs the mock | |
pnpm security:scan |
|
| assert no secret material in client code/bundles | |
| `pnpm dev:mock | backend |
| run any single piece |
Repository:https://github.com/coasty-ai/open-cowork** Issues & feature requests:https://github.com/coasty-ai/open-cowork/issues Report a vulnerability:**Security Advisories(seeSECURITY.md)Coasty:docsΒ·API keys
MIT Β© Coasty / open-cowork contributors