by AnyiWang
Local-first desktop app for AI coding agents (Claude Code, Codex). Built with Tauri v2 + Svelte 5.
# Add to your Claude Code skills
git clone https://github.com/AnyiWang/OpenCovibeLast scanned: 5/30/2026
{
"issues": [
{
"type": "npm-audit",
"message": "@sveltejs/kit: SvelteKit has deserialization expansion in unvalidated `form` remote function leading to Denial of Service (experimental only)",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@xmldom/xmldom: xmldom: XML injection via unsafe CDATA serialization allows attacker-controlled markup insertion",
"severity": "high"
},
{
"type": "npm-audit",
"message": "brace-expansion: brace-expansion: Zero-step sequence causes process hang and memory exhaustion",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "cookie: cookie accepts cookie name, path, and domain with out of bounds characters",
"severity": "low"
},
{
"type": "npm-audit",
"message": "devalue: devalue has prototype pollution in devalue.parse and devalue.unflatten",
"severity": "high"
},
{
"type": "npm-audit",
"message": "dompurify: DOMPurify contains a Cross-site Scripting vulnerability",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "exceljs: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "flatted: flatted vulnerable to unbounded recursion DoS in parse() revive phase",
"severity": "high"
},
{
"type": "npm-audit",
"message": "picomatch: Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"severity": "high"
},
{
"type": "npm-audit",
"message": "postcss: PostCSS has XSS via Unescaped </style> in its CSS Stringify Output",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "svelte: Svelte: XSS via HTML Comment Injection in SSR Error Boundary Hydration Markers",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "tmp: tmp has Path Traversal via unsanitized prefix/postfix that enables directory escape",
"severity": "high"
},
{
"type": "npm-audit",
"message": "uuid: uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "vite: Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling",
"severity": "high"
},
{
"type": "npm-audit",
"message": "yaml: yaml is vulnerable to Stack Overflow via deeply nested YAML collections",
"severity": "medium"
}
],
"status": "WARNING",
"scannedAt": "2026-05-30T15:45:45.459Z",
"npmAuditRan": true,
"pipAuditRan": true
}OpenCovibe is an open-source ai agents skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by AnyiWang. Local-first desktop app for AI coding agents (Claude Code, Codex). Built with Tauri v2 + Svelte 5. It has 198 GitHub stars.
OpenCovibe returned warnings in SkillsLLM's automated security scan. It has no critical vulnerabilities, but review the flagged issues in the Security Report section before adding it to your workflow.
Clone the repository with "git clone https://github.com/AnyiWang/OpenCovibe" and add it to your Claude Code skills directory (see the Installation section above).
OpenCovibe is primarily written in Rust. It is open-source under AnyiWang on GitHub, so you can review or fork the full source.
Yes. SkillsLLM lists many other AI Agents skills you can browse and compare side by side. Open the AI Agents category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh OpenCovibe against similar tools.
No comments yet. Be the first to share your thoughts!
Requires a passing catalog security scan. Resolve the flagged issues and resubmit to enable featuring.
AI coding CLIs like Claude Code are powerful, but they run inside a terminal. That means no persistent dashboard, no visual diff review, no cross-session history, and no multi-provider switching. OpenCovibe wraps these CLIs with a native desktop UI that adds the layers the terminal can't provide — while keeping all your data stored locally. (Remote model APIs require network access; the app itself has no cloud backend.)
| Agent | Status |
|---|---|
| Claude Code | Supported |
| Codex | Supported — interactive app-server mode (default) with exec fallback |
Platform status: Currently developed and tested primarily on macOS. Windows and Linux builds are functional but have not been thoroughly tested for compatibility — contributions and bug reports are welcome.
Core principle: Wrap the CLI, surface the work, keep it local.
| Capability | What OpenCovibe adds |
|---|---|
| Visual Tool Cards | Every tool call (Read, Edit, Bash, Grep, Write, WebFetch, …) rendered as an inline card with syntax-highlighted diffs, structured output, and one-click copy |
| Run History & Replay | Browse all past sessions, full event replay, resume / fork from any point, soft-delete with recovery |
| Multi-Provider Switching | Use Claude Code with 15+ API providers (DeepSeek, Kimi, Zhipu, Bailian, DouBao, MiniMax, OpenRouter, Ollama, …) — hot-switch without restarting |
| Remote Browser Access | Embedded web server for browser-based access over LAN or HTTP tunnels (ngrok / cloudflared) |
| File Explorer | Browse and edit project files with syntax highlighting, markdown preview, image preview, and git diff view |
| Memory Editor | Create and edit CLAUDE.md, project-scoped and user-scoped memory files with live preview |
| Agent Management | Visual editor to create, edit, and manage custom agent definitions (.md files) with form and source modes |
| Permission Rules | Manage CLI permission allow/deny rules at user and project level with a visual rule editor |
| Usage Analytics | Per-model token breakdown, cost tracking, daily heatmap, stacked model chart, session-level stats |
| Team Dashboard | Read-only view into Claude Code multi-agent teams — task lists, teammate status, message flow |
| Activity Monitor | Real-time hook event stream, tool activity timeline, file tracking panel, subagent tracking with nested tool cards |
| Plugin Marketplace | Browse, install, and manage Claude Code plugins and skills from a visual marketplace |
| MCP Management | Discover MCP servers, view per-server status, reconnect / toggle from a panel |
| Inline Permissions | Rich permission review UI with batch Allow/Deny panel, CLI-suggested "Always Allow" rules, and AskUserQuestion rendering |
| CLI Session Import | Discover and import existing Claude Code CLI sessions into OpenCovibe |
| Rewind | Checkpoint and selectively revert file changes with dry-run preview |
| Remote Hosts | Configure SSH hosts for remote CLI execution with key generation wizard and connectivity testing |
| Preview & Element Picker | Open a localhost preview in a companion window, interactively pick page elements, and insert structured context (DOM path, styles, HTML snippet) into the chat |
| Ralph Loop | Auto-iterate the same prompt until a completion condition is met — hands-free coding with configurable max iterations |
| Doctor Diagnostics | System health checks for CLI, platform, SSH, and proxy configuration |
/model, /diff, /todos, /tasks, /doctor, /copy, /stats, /preview, /ralph, and more — rendered natively in-appDownload the latest .dmg from Releases — universal binary, supports both Apple Silicon and Intel Macs.
Note: The app is not code-signed. On first launch, right-click and select "Open" to bypass macOS Gatekeeper.
git clone https://github.com/AnyiWang/OpenCovibe.git
cd OpenCovibe
./scripts/setup.sh # add --yes to skip confirmation prompts
npm run tauri dev
The setup script detects missing dependencies (Xcode CLI Tools, Homebrew, Node.js, Rust) and installs them automatically.
Prerequisites:
macOS:
xcode-select --install
brew install node
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
Linux (Debian/Ubuntu):
sudo apt install libwebkit2gtk-4.1-dev build-essential curl wget file \
libxdo-dev libssl-dev libayatana-appindicator3-dev librsvg2-dev
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
Windows:
# Install Rust from https://rustup.rs
# Install Node.js from https://nodejs.org
Build & Run:
git clone https://github.com/AnyiWang/OpenCovibe.git
cd OpenCovibe
npm install
npm run tauri dev
On first launch, OpenCovibe guides you through:
You can re-run the wizard anytime from Settings > General > Setup Wizard.
| Provider | Endpoint | Auth |
|---|---|---|
| Anthropic | Official API | API Key |
| DeepSeek | api.deepseek.com/anthropic |
Bearer |
| Kimi (Moonshot) | api.moonshot.cn/anthropic |
Bearer |
| Kimi For Coding | api.kimi.com/coding/ |
Bearer |
| Zhipu (智谱) | open.bigmodel.cn/api/anthropic |
Bearer |
| Zhipu (智谱 Intl) | api.z.ai/api/anthropic |
Bearer |
| Bailian (Coding Plan) | coding.dashscope.aliyuncs.com/apps/anthropic |
Bearer |
| Bailian (百炼 API) | dashscope.aliyuncs.com/apps/anthropic |
Bearer |
| DouBao (豆包) | ark.cn-beijing.volces.com/api/coding |
Bearer |
| MiniMax | api.minimax.io/anthropic |
Bearer |
| MiniMax (China) | api.minimaxi.com/anthropic |
Bearer |
| Xiaomi MiMo (小米) | api.xiaomimimo.com/anthropic |
Bearer |
| Xiaomi MiMo (Token Plan) | token-plan-cn.xiaomimimo.com/anthropic |
Bearer |
| Tencent Hunyuan (混元) | api.hunyuan.cloud.tencent.com/anthropic |
Bearer |
| SiliconFlow (硅基流动) | api.siliconflow.com/ |
Bearer |
| Platform | Endpoint | Auth |
|---|---|---|
| Vercel AI Gateway | ai-gateway.vercel.sh |
Bearer |
| OpenRouter | openrouter.ai/api |
Bearer |
| AiHubMix | aihubmix.com |
Bearer |
| ZenMux | zenmux.ai/api/anthropic |
Bearer |
| Platform | Endpoint |
|---|---|
| Ollama | localhost:11434 |
| CC Switch | localhost:15721 |
| Claude Code Router | localhost:3456 |
| Custom | Any Anthropic-compatible endpoint |
Tech Stack:
| Layer | Technology |
|---|---|
| Framework | Tauri v2 (Rust backend + WebView) |
| Frontend | Svelte 5 + SvelteKit (adapter-static) |
| Styling | Tailwind CSS v3 + CSS variables |
| Terminal | xterm.js |
| Markdown | marked + highlight.js + DOMPurify |
| i18n | Custom lightweight runtime (en + zh-CN) |
| Testing | Vitest |
Agent Communication:
Each session is a long-lived, multi-turn process managed by a per-run session actor. Claude Code communicates over a bidirectional stream-JSON protocol (stdin/stdout) with an interactive control protocol. Codex supports two transports: codex app-server (bidirectional JSON-RPC — the **defau