Open-Cowork hit GitHub this week as a fully open-source alternative to Claude Cowork, Anthropic's proprietary agentic coworker that watches your screen and executes tasks on command. Built by Coasty AI, the project lets you hand off real computer work โ€” file renaming, browser automation, email drafting โ€” to an AI agent while maintaining human oversight at every step. The killer feature? Bring your own LLM, whether that's OpenRouter, OpenAI, a local Ollama instance, or anything speaking the OpenAI dialect.

Architecture: One Loop, Three Screens

The project centers on a single agent loop that handles screenshot โ†’ predict โ†’ act โ†’ repeat across three execution targets. LocalExecutor drives your actual desktop through an Electron shell โ€” meaning it moves your real mouse and keyboard, with Cancel as the panic button. RemoteMachineExecutor taps Coasty's cloud VMs for sandboxed automation, while BrowserExecutor uses Playwright to automate web pages without touching your host OS at all. The predict step lives behind a clean seam (@open-cowork/llm), so swapping Coasty for your own model requires zero changes to executors, the UI, or the workflow DSL. That's solid engineering.

Bring Your Own Key, Bring Your Own Model

The BYOK story is where Open-Cowork actually differentiates from Anthropic's offering. In Settings โ†’ Model provider, you can point it at OpenRouter for access to hundreds of models, native OpenAI for GPT-4o or GPT-4.1, or any OpenAI-compatible endpoint โ€” Ollama on localhost:11434, LM Studio, vLLM, Together, Groq. Vision capability is enforced; the app blocks attempts to run with a model that can't parse screenshots and throws a clear error rather than silently wasting your budget. Local models like Ollama run entirely offline for zero cost.

Security Model Worth Studying

Coasty AI went deep on key custody here. The COASTY_API_KEY lives exclusively in the backend's environment โ€” browsers, Electron renderers, and mobile apps authenticate via short-lived session tokens and never see it. BYO LLM keys follow the same rule: encrypted with OS-native keychain storage (safeStorage / DPAPI / libsecret), held only in the desktop process, scrubbed from error messages, and kept out of web/mobile bundles through a security:scan assertion. Webhook verification uses per-run HMAC secrets with constant-time comparison and a ยฑ5-minute replay window to prevent spoofing. Worth bookmarking their SECURITY.md if you're deploying this anywhere.

Cost Guardrails You Don't See Elsewhere

Open-Cowork shows an estimate before every billable run, requires explicit confirmation, enforces server-side budget caps per execution, and supports machine auto-terminate TTLs for cloud VMs. The pricing is Coasty's: $0.05/step with machines at $0.05โ€“0.09/hour running ($0.01 stopped). Sandbox keys (sk-coasty-test-โ€ฆ) exercise the full model stack without ever billing โ€” useful for CI, testing workflows, or just kicking the tires. Their e2e tests run exclusively against mock/sandbox paths and never touch real money.

Tech Stack: Node 24, Fastify, Vercel AI SDK

The monorepo structure is clean: packages/core handles the agent loop, workflow DSL (task ยท assert ยท if ยท loop ยท parallel ยท retry ยท human_approval), cost estimation, and HMAC โ€” zero runtime dependencies. packages/executor abstracts LocalExecutor, RemoteMachineExecutor, and BrowserExecutor behind a shared interface. packages/llm wires up model providers via Vercel AI SDK with defensive JSON parsing to recover structured output from smaller local models that might drift. apps/backend runs Fastify as the sole key holder, persisting state to SQLite and fanning events out over SSE. Frontend is React across web (Vite), desktop (Electron shell), and mobile (Expo / React Native companion for monitoring and approvals).

The Bottom Line

Anthropic's Cowork is impressive but opaque โ€” you trust their model, their infrastructure, their pricing. Open-Cowork rips that closed box open: MIT-licensed, auditable end-to-end, runs on hardware you own with models you control. If you've been waiting for an open-source answer to proprietary agentic computing, this is it. Clone the repo, run pnpm desktop, and watch your first AI coworker move your mouse in real-time.