by getpaseo
Coding agents from your phone, desktop and CLI
# Add to your Claude Code skills
git clone https://github.com/getpaseo/paseo
Guides for using AI agent skills like paseo.
Last scanned: 4/20/2026
{
"issues": [
{
"type": "npm-audit",
"message": "@cloudflare/vite-plugin: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@expo/config: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@expo/config-plugins: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@expo/plist: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@expo/prebuild-config: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@hono/node-server: @hono/node-server: Middleware bypass via repeated slashes in serveStatic",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@modelcontextprotocol/sdk: Anthropic's MCP TypeScript SDK has a ReDoS vulnerability",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@tanstack/react-start: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@tanstack/react-start-server: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@tanstack/start-plugin-core: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@tanstack/start-server-core: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@tootallnate/once: @tootallnate/once vulnerable to Incorrect Control Flow Scoping",
"severity": "low"
},
{
"type": "npm-audit",
"message": "@typescript-eslint/eslint-plugin: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@typescript-eslint/parser: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@typescript-eslint/type-utils: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@typescript-eslint/typescript-estree: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@typescript-eslint/utils: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@xmldom/xmldom: xmldom: XML injection via unsafe CDATA serialization allows attacker-controlled markup insertion",
"severity": "high"
},
{
"type": "npm-audit",
"message": "ajv: ajv has ReDoS when using `$data` option",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "axios: Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "body-parser: body-parser is vulnerable to denial of service when url encoding is used",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "brace-expansion: brace-expansion: Zero-step sequence causes process hang and memory exhaustion",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "diff: jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch",
"severity": "low"
},
{
"type": "npm-audit",
"message": "eas-cli: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "electron: Electron: Use-after-free in offscreen shared texture release() callback",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "expo-module-scripts: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "flatted: Prototype Pollution via parse() in NodeJS flatted",
"severity": "high"
},
{
"type": "npm-audit",
"message": "follow-redirects: follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect Targets",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "h3: h3 has a Path Traversal via Percent-Encoded Dot Segments in serveStatic Allows Arbitrary File Read",
"severity": "high"
},
{
"type": "npm-audit",
"message": "hono: Hono missing validation of cookie name on write path in setCookie()",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "http-proxy-agent: Vulnerability found",
"severity": "low"
},
{
"type": "npm-audit",
"message": "jest-environment-jsdom: Vulnerability found",
"severity": "low"
},
{
"type": "npm-audit",
"message": "jest-expo: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "jsdom: Vulnerability found",
"severity": "low"
},
{
"type": "npm-audit",
"message": "lodash: lodash vulnerable to Code Injection via `_.template` imports key names",
"severity": "high"
},
{
"type": "npm-audit",
"message": "markdown-it: Uncontrolled Resource Consumption in markdown-it",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "miniflare: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "minimatch: minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"severity": "high"
},
{
"type": "npm-audit",
"message": "node-forge: node-forge has ASN.1 Unbounded Recursion",
"severity": "high"
},
{
"type": "npm-audit",
"message": "path-to-regexp: path-to-regexp vulnerable to Regular Expression Denial of Service via multiple route parameters",
"severity": "high"
},
{
"type": "npm-audit",
"message": "picomatch: Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"severity": "high"
},
{
"type": "npm-audit",
"message": "react-native-markdown-display: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "smol-toml: smol-toml: Denial of Service via TOML documents containing thousands of consecutive commented lines",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "srvx: srvx is vulnerable to middleware bypass via absolute URI in request line ",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "tar: node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal",
"severity": "high"
},
{
"type": "npm-audit",
"message": "undici: Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client",
"severity": "high"
},
{
"type": "npm-audit",
"message": "vite: Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling",
"severity": "high"
},
{
"type": "npm-audit",
"message": "wrangler: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "yaml: yaml is vulnerable to Stack Overflow via deeply nested YAML collections",
"severity": "medium"
}
],
"status": "WARNING",
"scannedAt": "2026-04-20T06:16:21.296Z",
"semgrepRan": false,
"npmAuditRan": true,
"pipAuditRan": true
}
Run agents in parallel on your own machines. Ship from your phone or your desk.
Paseo runs a local server called the daemon that manages your coding agents. Clients like the desktop app, mobile app, web app, and CLI connect to it.
You need at least one agent CLI installed and configured with your credentials:
Download it from paseo.sh/download or the GitHub releases page. Open the app and the daemon starts automatically. Nothing else to install.
To connect from your phone, scan the QR code shown in Settings.
Install the CLI and start Paseo:
npm install -g @getpaseo/cli
paseo
This shows a QR code in the terminal. Connect from any client. This path is useful for servers and remote machines.
For full setup and configuration, see:
Everything you can do in the app, you can do from the terminal.
paseo run --provider claude/opus-4.6 "implement user authentication"
paseo run --provider codex/gpt-5.4 --worktree feature-x "implement feature X"
paseo ls # list running agents
paseo attach abc123 # stream live output
paseo send abc123 "also add tests" # follow-up task
# run on a remote daemon
paseo --host workstation.local:6767 run "run the full test suite"
See the full CLI reference for more.
Skills teach your agent to use Paseo to orchestrate other agents.
npx skills add getpaseo/paseo
Then use them in any agent conversation:
/paseo-handoff — hand off work between agents. I use this to plan with Claude and then hand off to Codex to implement.
/paseo-loop — loop an agent against clear acceptance criteria (aka Ralph loops), optionally with a verifier.
/paseo-advisor — spin up a single agent as an advisor for a second opinion, without delegating the work itself.
/paseo-committee — form a committee of two contrasting agents to step back, do root cause analysis, and produce a plan.
Quick monorepo package map:
packages/server: Paseo daemon (agent process orchestration, WebSocket API, MCP server)
packages/app: Expo client (iOS, Android, web)
packages/cli: paseo CLI for daemon and agent workflows
packages/desktop: Electron desktop app
packages/relay: Relay package for remote connectivity
packages/website: Marketing site and documentation (paseo.sh)
Common commands:
# run all local dev services
npm run dev
# run individual surfaces
npm run dev:server
npm run dev:app
npm run dev:desktop
npm run dev:website
# build the daemon
npm run build:daemon
# repo-wide checks
npm run typecheck
Self-hosted relays use ws:// unless TLS is opted in. For a relay behind nginx on 443, start the daemon with:
PASEO_RELAY_ENDPOINT=127.0.0.1:8080 \
PASEO_RELAY_PUBLIC_ENDPOINT=relay.example.com:443 \
PASEO_RELAY_USE_TLS=true \
paseo daemon start
Equivalent config:
{
"daemon": {
"relay": {
"enabled": true,
"endpoint": "127.0.0.1:8080",
"publicEndpoint": "relay.example.com:443",
"useTls": true
}
}
}
Minimal nginx WebSocket proxy:
server {
listen 443 ssl;
server_name relay.example.com;
ssl_certificate /etc/letsencrypt/live/relay.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/relay.example.com/privkey.pem;
location /ws {
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
}
}
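A check for the relay settings above, as an added example that is not Paseo's own code: it reads only the daemon.relay keys shown in the JSON config and reports when clients would be given a cleartext ws:// endpoint. The rules, the function names, and the reading of endpoint as the local address nginx proxies to are assumptions of this example.

```javascript
// Added example, not Paseo code. Reads only the daemon.relay keys shown above.
const LOOPBACK = new Set(["127.0.0.1", "localhost", "::1"]);

// Split "host:port" or "[v6]:port"; returns null when the value is unusable.
function splitEndpoint(ep) {
  const m = /^(?:\[([^\]]+)\]|([^:]+))(?::(\d+))?$/.exec(String(ep || "").trim());
  if (!m) return null;
  return { host: (m[1] || m[2]).toLowerCase(), port: m[3] ? Number(m[3]) : null };
}

function lintRelay(config) {
  const relay = (config && config.daemon && config.daemon.relay) || {};
  const findings = [];
  if (relay.enabled !== true) return { scheme: null, findings };
  // Page: self-hosted relays use ws:// unless TLS is opted in.
  const scheme = relay.useTls === true ? "wss" : "ws";
  const pub = splitEndpoint(relay.publicEndpoint);
  const local = splitEndpoint(relay.endpoint);
  if (relay.publicEndpoint !== undefined && !pub)
    findings.push("publicEndpoint is not host:port");
  if (relay.endpoint !== undefined && !local)
    findings.push("endpoint is not host:port");
  if (scheme === "ws" && pub && !LOOPBACK.has(pub.host))
    findings.push(`clients reach ${pub.host} over cleartext ws://`);
  if (scheme === "ws" && pub && pub.port === 443)
    findings.push("publicEndpoint is on 443 but useTls is not true");
  // Assumption: endpoint is the local address nginx proxies to, so it
  // should stay on loopback when a separate public endpoint fronts it.
  if (local && pub && local.host !== pub.host && !LOOPBACK.has(local.host))
    findings.push(`endpoint host ${local.host} is not loopback, so it is not confined behind the TLS proxy`);
  return { scheme, findings };
}

// Constructed inputs: the page's config, and a variant with TLS left off.
const fromPage = { daemon: { relay: { enabled: true, endpoint: "127.0.0.1:8080",
  publicEndpoint: "relay.example.com:443", useTls: true } } };
const cleartext = { daemon: { relay: { enabled: true, endpoint: "0.0.0.0:8080",
  publicEndpoint: "relay.example.com:443" } } };

for (const [name, cfg] of Object.entries({ fromPage, cleartext })) {
  const { scheme, findings } = lintRelay(cfg);
  console.log(`${name}: ${scheme}://  ${findings.length ? findings.join("; ") : "ok"}`);
}
```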
AGPL-3.0