tessera
by horang-labs
Tessera — a workspace for organizing AI coding sessions across projects, collections, tabs, panes, and Git worktrees
254stars
24forks
TypeScript
Added 5/10/2026
View on GitHubDownload ZIPScan for vulnerabilities
Requires a passing catalog security scan. Resolve the flagged issues and resubmit to enable featuring.
Installation
# Add to your Claude Code skills
git clone https://github.com/horang-labs/tesseraGetting Started
Guides for using ai agents skills like tessera.
- Caveman: Cut Claude Token Use by 65%How agent-side prompt compression works, when to use it, and when not to.
- What is an AI Skills Marketplace?Definitions, how marketplaces work, and how to choose between them in 2026.
- Getting Started with AI SkillsFirst-time install walkthrough for Claude Code, Codex CLI, and ChatGPT.
Security ReportWarning
Last scanned: 5/30/2026
{
"issues": [
{
"type": "npm-audit",
"message": "@electron/rebuild: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@tootallnate/once: @tootallnate/once vulnerable to Incorrect Control Flow Scoping",
"severity": "low"
},
{
"type": "npm-audit",
"message": "@xmldom/xmldom: xmldom: XML injection via unsafe CDATA serialization allows attacker-controlled markup insertion",
"severity": "high"
},
{
"type": "npm-audit",
"message": "app-builder-lib: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "axios: Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF",
"severity": "high"
},
{
"type": "npm-audit",
"message": "brace-expansion: brace-expansion: Zero-step sequence causes process hang and memory exhaustion",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "cacache: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "dmg-builder: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "electron: Electron has ASAR Integrity Bypass via resource modification",
"severity": "high"
},
{
"type": "npm-audit",
"message": "electron-builder: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "electron-builder-squirrel-windows: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "flatted: flatted vulnerable to unbounded recursion DoS in parse() revive phase",
"severity": "high"
},
{
"type": "npm-audit",
"message": "follow-redirects: follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect Targets",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "ip-address: ip-address has XSS in Address6 HTML-emitting methods",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "lodash: lodash vulnerable to Code Injection via `_.template` imports key names",
"severity": "high"
},
{
"type": "npm-audit",
"message": "make-fetch-happen: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "next: Next.js Vulnerable to Denial of Service with Server Components",
"severity": "high"
},
{
"type": "npm-audit",
"message": "node-gyp: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "picomatch: Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"severity": "high"
},
{
"type": "npm-audit",
"message": "postcss: PostCSS has XSS via Unescaped </style> in its CSS Stringify Output",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "protobufjs: protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "tar: node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal",
"severity": "high"
},
{
"type": "npm-audit",
"message": "tmp: tmp has Path Traversal via unsanitized prefix/postfix that enables directory escape",
"severity": "high"
},
{
"type": "npm-audit",
"message": "uuid: uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "ws: ws: Uninitialized memory disclosure",
"severity": "medium"
}
],
"status": "WARNING",
"scannedAt": "2026-05-30T15:26:58.892Z",
"npmAuditRan": true,
"pipAuditRan": true
}Tessera
Keep parallel AI coding work organized.
Tessera helps you run Claude Code, Codex, and OpenCode side by side without losing track of sessions, files, branches, diffs, or pull requests.
Product Demos
Projects, collections, sessions, tabs, and panes
Organize AI coding work by project and collection, then open sessions across persistent tabs and split panes.
Terminal and file tabs
Open agent sessions, terminals, and files as movable tabs so you can reshape the workspace around the work instead of switching tools.
Kanban board workflow
Move implementation work through Todo, Doing, Review, and Done while keeping each task tied to sessions, collections, and worktrees.
Realtime Git worktree tracking
Track each task's worktree, branch, diff, PR state, and workflow status as agents continue working.
Rich composer controls
Open new panels, continue an existing conversation, tune reasoning, select models, choose permissions, use voice input (browser runtime only), add @ references, attach images, and send context-rich prompts from one composer.
Cross-platform agent workspace
Use the same multi-agent workspace in the browser, on macOS, or on Windows while running Claude Code, Codex, OpenCode, and their model choices side by side.
Agent state, tool logs, and diffs
Keep each agent session tied to its task and worktree while tracking tool calls, failures, file changes, diffs, and branch state in real time.
Custom worktree paths
Choose where Tessera creates managed worktrees so agent tasks fit into your existing local development workflow.
Resources
| Link | Purpose |
|---|---|
| Download Latest Release | Download the desktop app for Windows, macOS, or Linux |
| npm package | Run Tessera in the browser |
| [Product Hunt launch][product-hunt] | Support the launch on Product Hunt |
| [Team design partner waitlist][design-partner-waitlist] | Help shape team workspaces and enterprise workflows |
| GitHub Issues | Report bugs and feature requests |
| [Good first issues][good-first-issues] | Find starter-sized docs, QA, and polish tasks |
| [Help wanted][help-wanted] | Find community-friendly areas where maintainer context helps |
| [Discussions][discussions] | Ask questions and propose workflows |
| [Contributing][contributing] | Set up the project and send focused pull requests |
Install
Desktop app
Download from GitHub Releases.
| Platform | Asset |
|---|---|
| Windows, including WSL | Portable .exe |
| macOS | .dmg for Apple Silicon or Intel |
| Linux beta | .deb or .AppImage |
Windows builds are not code-signed yet, so SmartScreen may show an unknown-publisher warning. macOS builds are signed and notarized with Apple Developer ID.
Release downloads, excluding npm installs, as of 2026-05-15 00:28 UTC:
| Version | Windows | macOS | Linux | Total |
|---|---|---|---|---|
| 0.1.0 | 8 | 6 | 0 | 14 |
| 0.1.1 | 14 | 13 | 0 | 27 |
| 0.1.2 | 6 | 9 | 1 | 16 |
| 0.1.3 | 24 | 21 | 5 | 50 |
| 0.1.4 | 30 | 27 | 2 | 59 |
| 0.1.5 | 27 | 62 | 9 | 98 |
| Total | 109 | 138 | 17 | 264 |
Browser runtime
Requires Node.js 20 or later and npm 10 or later.
npm install -g @horang-labs/tessera
tessera
Open the printed local URL.
Docker Compose
mkdir -p data/config data/local data/ssh data/codex data/tessera workspaces
touch data/gitconfig
docker compose up --build -d
Open http://127.0.0.1:32123. If bind mounts are not writable:
sudo chown -R 1000:1000 data workspaces
First Run
On first run, Tessera guides you through:
- Creating a local account for the browser runtime.
- Checking that a supported CLI is installed and authenticated.
- Selecting a project folder.
- Starting a chat or worktree-backed task.
Authenticate provider CLIs first, for example with claude login, codex login, or OpenCode's configured provider credentials.
Core Features
Tessera is designed for developers who run multiple AI coding sessions and need more structure than terminal tabs:
| Feature | Details |
|---|---|
| Session organization | Structure AI coding work by project, collection, chat session, task, tab, pane, and worktree |
| Parallel workspace | Run many chats and implementation tasks side by side without losing status, context, or ownership |
| Multi-panel UI | Persistent tabs, split panes, draggable sessions, and long-running workspace layouts |
| Chat-to-task flow | Start with research or ideation, then continue the conversation into a managed git worktree |
| Observable session timeline | Agent output, reasoning, tool calls, failed tool context, permissions, plans, user prompts, files, diffs, branches, and PR state in one place |
| List and Kanban views | Use list view for high-volume exploration and Kanban view when implementation status matters |
| Git and PR workflow | Commit, push, create PRs, merge PRs, inspect diffs, and track branch/PR state from the Git panel |
| Context-rich composer | @ file references, chat/task references, pasted images, and local file attachments |
| Drag-and-drop workspace | Move sessions, arrange workspace structure, and attach context through drag-and-drop interactions |
| Provider-native controls | Permission prompts, plan approvals, runtime modes, reasoning controls, and provider access controls in the workspace |
| Model choice through OpenCode | Use the models and providers configured in OpenCode, including local or air-gapped LLM setups |
| Cross-environment support | macOS, Windows, and browser-based npm runtime |
| Unified session history | Session history, multi-agent conversation data, attachments, settings, worktree metadata, and workspace state in one place |
Also included: keyboard-first navigation, browser-native voice input through the Web Speech API in the browser runtime, and a Claude Code skills dashboard discovered from the local environment.
Technical Highlights
Tessera is built around a local runtime and provider-based CLI layer:
- Provider adapter architecture: each CLI is isolated behind a
CliProvidercontract for process lifecycle, protocol parsing, runtime controls, approvals, interrupts, and skills. - Protocol normalization layer: Claude Code
stream-json, Codexapp-server, and OpenCode ACP JSON-RPC events are translated into a shared realtime message model. - Agent workspace model: chats, tasks, collections, workflow states, managed git worktrees, PR state, diffs, provider controls, and interactive prompts are modeled as first-class workspace concepts.
- OpenCode model bridge: Tessera reads OpenCode's model catalog and exposes configured models, providers, and reasoning variants in the workspace.
- Shared local runtime: desktop and browser runtimes share the same local server, provider layer, and configurable app-data directory.
| Provider | Local command | Status | Notes |
|---|---|---|---|
| Claude Code | claude |
Supported | Uses streaming JSON mode, permission modes, plan approval, AskUserQuestion prompts, and installed skill discovery |
| Codex | codex |
Supported | Uses app-server JSON-RPC events, approval requests, plan deltas, sandbox/access controls, and reasoning effort |
| OpenCode | opencode |
Supported | Uses ACP JSON-RPC, OpenCode modes, permission presets, and the models/providers configured in OpenCode |
Provider-specific implementation lives under src/lib/cli/providers/. The rest of the app talks to the shared provider contract instead of CLI-specific internals.
Build From Source
For development, clone the repository and install dependencies:
Source development requires Node.js 20 or later and npm 10 or later.
git clone https://github.com/horang-labs/tessera.git
cd tessera
npm install
Tessera uses a custom Node.js server for the Next.js app, WebSocket transport, database initialization, provider bootstrapping, and background pollers. The dev script starts that server:
npm run dev
Supported environment variables:
| Variable | Default | Purpose | |---------
Frequently Asked Questions
What is tessera?
tessera is an open-source ai agents skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by horang-labs. Tessera — a workspace for organizing AI coding sessions across projects, collections, tabs, panes, and Git worktrees. It has 254 GitHub stars.
Is tessera safe to use?
tessera returned warnings in SkillsLLM's automated security scan. It has no critical vulnerabilities, but review the flagged issues in the Security Report section before adding it to your workflow.
How do I install tessera?
Clone the repository with "git clone https://github.com/horang-labs/tessera" and add it to your Claude Code skills directory (see the Installation section above).
What programming language is tessera written in?
tessera is primarily written in TypeScript. It is open-source under horang-labs on GitHub, so you can review or fork the full source.
Are there alternatives to tessera?
Yes. SkillsLLM lists many other AI Agents skills you can browse and compare side by side. Open the AI Agents category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh tessera against similar tools.
Comments (0)
to leave a comment.
No comments yet. Be the first to share your thoughts!
Related Skills
An agentic skills framework & software development methodology that works.
234,966
20,863
Shell
AI Agentsaibrainstorming
The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond.
220,737
33,797
JavaScript
AI Agentsai-agentsanthropic
Fair-code workflow automation platform with native AI capabilities. Combine visual building with custom code, self-host or cloud, 400+ integrations.
193,841
58,794
TypeScript
MCP Serversaiapis
The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond.
185,940
28,768
JavaScript
AI Agentsai-agentsanthropic
Claude Code is an agentic coding tool that lives in your terminal, understands your codebase, and helps you code faster by executing routine tasks, explaining complex code, and handling git workflows - all through natural language commands.
120,031
19,897
Shell
AI Agents