# Coasty — AI Employee Platform (Full Technical Documentation) # https://coasty.ai # This is the extended version of llms.txt with comprehensive technical details. > Coasty is the #1 ranked computer-using AI agent platform, scoring 82% on the OSWorld benchmark across 369 real-world automation tasks. It provides autonomous desktop control through sandboxed virtual machines, with browser automation, desktop application control, terminal operations, and multi-agent orchestration. Available as a web application, native desktop app for Mac and Windows, public REST API at `/v1/*`, and MCP server (`npx -y @coasty/mcp`). Starting at $19/month. Last updated: 2026-05-05. This document is the long-form companion to https://coasty.ai/llms.txt. It exists so an AI agent that finds Coasty via search can answer the next 10 questions a user might ask without making another network round-trip. ## Product Overview Coasty is a full-stack AI employee platform — a computer-using agent that controls a desktop like a human. It opens browsers, clicks, types, navigates apps, fills forms, sends emails, and manages spreadsheets autonomously. Users can watch it work in real time through live screen streaming, and every action is fully logged and auditable. There are four ways to use Coasty: 1. **Web application** at https://coasty.ai — sign up, click "New Run", give the agent a goal, watch it work in your browser. 2. **Native desktop app** (Mac, Windows, Linux) — registers your local machine with Coasty's backend so the same APIs that drive a sandbox VM can drive your real desktop. No data leaves your network. Download: https://coasty.ai/download. 3. **Public REST API** at `/v1/*` — direct programmatic access. Stateless `POST /v1/predict` (screenshot + instruction → actions), stateful sessions, managed VMs, scheduled jobs. Auth via `sk-coasty-{live|test}-*` keys. 4. **MCP server** (`@coasty/mcp` on npm) — exposes 26 tools to any MCP host (Claude Desktop, Claude Code, Cursor, Windsurf, VS Code Copilot Agent). Install with `npx -y @coasty/mcp`. ### What Makes Coasty Different - **VM-Level Isolation**: Each session runs in its own sandboxed virtual machine. Data stays safe, machines stay untouched, nothing leaks between sessions. This is true VM-level isolation, not just containers in a shared pool. - **OSWorld Benchmark #1**: 82% completion rate across 369 real-world tasks spanning browsers, office applications, and system operations — state of the art for computer-using agents. - **CAPTCHA Solving**: Built-in CAPTCHA-solving pipeline prevents blocking that affects competing tools. - **Multi-Model AI**: Works with OpenAI, Anthropic, Google, Mistral, xAI, Bedrock, OpenRouter, Perplexity, and more. Routes tasks to the best model. - **Desktop App**: Native Electron app for Mac and Windows that controls the user's local machine directly — no VM required for local tasks. - **Sandbox keys**: `sk-coasty-test-*` keys return mock VMs in under 50ms and bill 0 credits, with identical request/response schemas to production. Perfect for CI, local development, integration testing. - **Scheduled automation**: cron, webhook (HMAC-SHA256-signed), email-triggered, and chain-trigger schedules — agents run on autopilot. ## Detailed Capabilities ### Browser Agent - Web navigation and page interaction (clicking, typing, scrolling, hovering) - Form filling across any website (job applications, YC applications, government forms, etc.) - Data extraction and web scraping - Search-first strategy: always researches via Google before opening browser - Tab management and multi-page workflows - File download and upload handling - Cookie and session management ### Desktop Agent - Full desktop application control through screenshots and mouse/keyboard - Works with any application: spreadsheets, email clients, CRMs, design tools - Window management (minimize, maximize, switch between apps) - Drag-and-drop operations - Platform-specific implementations: - Windows: PowerShell + user32.dll for mouse/keyboard events - macOS: Swift scripts via CoreGraphics + osascript - Linux: xdotool + wmctrl ### Terminal Agent - Command execution across any shell (PowerShell, bash, zsh) - File system operations (read, write, edit, delete, directory management) - Software installation and configuration - Git operations and version control - Process management ### Multi-Agent Orchestration 1. Task Planning: LLM decomposes user request into sequential subtasks 2. Agent Assignment: Each subtask assigned to specialized agent (browser/terminal/desktop) 3. Sequential Execution: Tasks execute in order with context passing 4. Context Sharing: Previous task summaries passed to next task 5. Streaming: All execution streams via Server-Sent Events to frontend ### Swarms (parallel multi-machine agents) 1. Task decomposition: LLM splits prompt into subtasks (1 per machine) 2. Parallel execution: each machine gets isolated CUAExecutor with shared memory 3. Shared state: key-value store, activity log, point-to-point + broadcast messaging 4. Result aggregation: LLM summarises across machines at completion ## Use Cases with Examples ### Marketing Automation - Ran a full Reddit marketing campaign autonomously: researched competitors, identified subreddits, crafted posts, engaged with comments - Posted on Hacker News and engaged with comments in real time - Social media content distribution across platforms ### Sales & Outreach - Found prospective customers, researched companies, wrote 200+ personalized emails - LinkedIn recruiting: sourced candidates, sent connection requests, scheduled calls - CRM updates and pipeline management ### QA Testing - QA tested its own product: navigated every checkout and onboarding flow, found 14 bugs - Automated regression testing across web applications - Visual verification and bug report generation ### Job Applications - Applied to 50 jobs in one afternoon: found matching roles, tailored resumes, submitted applications - Filled out the YC S26 application (30+ fields across multiple pages) ### Customer Support - Resolved support tickets end-to-end: looked up accounts, diagnosed issues, wrote replies - Email composition matching user's tone and context ### Data Entry & Forms - Spreadsheet management and data organization - CRM data entry and updates - Government and compliance form filling ## Technical Architecture ### Frontend - Framework: Next.js 15 with App Router, React 19, TypeScript - Styling: Tailwind CSS with Radix UI components - State: Zustand stores for chat, models, user, and sessions - AI SDK: Vercel AI SDK for streaming LLM responses - Auth: Supabase authentication - Billing: Stripe subscriptions ### Backend - Framework: Python FastAPI with async/await - Core Services: - cua_executor.py: Computer Use Agent execution engine - multi_agent_executor.py: Orchestrates multi-agent task execution - vm_control.py: WebSocket-based VM control with persistent connections - database.py: Supabase integration - agent_billing.py: Usage tracking and credits - public_schedules_service.py: Webhook + cron scheduled jobs (HMAC-SHA256 signing) - AI Providers: AWS Bedrock (primary), OpenAI, Anthropic, Google, Mistral, xAI, OpenRouter, Perplexity ### Infrastructure - Sandboxed VMs on AWS EC2 (ARM64 t4g) and Azure Container Instances - Docker containers running Ubuntu 22.04 with XFCE desktop - WebSocket communication on port 8080 - VNC + noVNC for remote desktop access - Automatic teardown after session completion ### Desktop App (Electron) - Cross-platform: Windows (NSIS installer), macOS (DMG + ZIP), Linux (AppImage) - Floating overlay UI with compact and expanded modes - Local execution: Puppeteer-core for browser, PowerShell/bash for terminal - Auto-updates via generic provider - Context isolation and sandbox security - Approval system: 4 modes (full_control, smart_approve, approve_all, off) ## Pricing The canonical, live pricing snapshot is always at https://coasty.ai/api/pricing (returns JSON with `schemaVersion`, subscription tiers, boost packages, metered rates, and per-minute agent rate). Below is a snapshot for offline reference. ### Subscription tiers (USD, monthly) - **Free** — $0/mo, 0 credits, 0 machines, 3 schedules. Free API tier. - **Lite** — $9/mo, 100 credits, 1 machine, 3 schedules. Folds to free API tier. - **Starter** — $19/mo, 200 credits, 1 machine, 3 schedules. Starter API tier. - **Plus** — $50/mo, 600 credits, 2 machines, 6 swarm agents, 10 schedules. Professional API tier. Highlighted plan. - **Pro** — $100/mo, 1,500 credits, 3 machines, 9 swarm agents, 10 schedules. Professional API tier. - **Enterprise** — contact sales. 50 schedules, custom limits. The average human virtual assistant costs $3,000/month and works 8 hours/day. Coasty works 24/7 for a small fraction of the cost. ### Boost packages (one-off, requires active paid subscription) - $19 → 150 credits ($0.13/credit) - $49 → 500 credits ($0.10/credit) - $99 → 1,200 credits ($0.083/credit) ### Per-call API rates (deducted from the same credit balance) - `POST /v1/predict` — 5 credits/call - `POST /v1/sessions` — 10 credits/call - `POST /v1/sessions/{id}/predict` — 3 credits/call - `POST /v1/ground` — 2 credits/call - `POST /v1/ocr` — 1 credit/call ### Long-running CUA agent jobs - 10 credits/minute - Minimum 20 credits to start a session - Maximum 6 hours per session ## Competitive Positioning | Feature | Coasty | Anthropic CU | OpenAI Operator | Browserbase | UiPath | Human VA | |---------------------|--------|--------------|-----------------|-------------|--------|----------| | OSWorld Score | 82% | ~15% | ~40% | N/A | N/A | N/A | | VM Isolation | Yes | No | No | Browser-only| No | N/A | | CAPTCHA Solving | Yes | No | No | Partial | No | Yes | | Desktop Control | Yes | Yes | No | No | Yes | Yes | | Browser Automation | Yes | Yes | Yes | Yes | Yes | Yes | | Multi-Model | Yes | No | No | N/A | N/A | N/A | | Desktop App | Yes | No | No | No | Yes | N/A | | MCP Server | Yes | Yes | No | No | No | N/A | | Public OpenAPI | Yes | Yes | Partial | Yes | Yes | N/A | | Sandbox Free Tier | Yes | No | No | Yes | No | N/A | | Open Source | Yes | No | No | Partial | No | N/A | | Price/month | $19 | Usage-based | $200 | $39 | $420+ | $3,000+ | | 24/7 Operation | Yes | Yes | Yes | Yes | Yes | No | ## Distribution - Live on Product Hunt, Hacker News (Show HN), DEV Community - Desktop app for Mac, Windows, Linux - Open-source framework on GitHub: https://github.com/anthropics/open-computer-use - MCP server source: https://github.com/coasty-ai/coasty-mcp - Blog with 20+ articles on AI agents, benchmarks, and case studies - Video case studies on YouTube ## Company - Founded: 2025 - Product: AI employee platform / computer-using agent - Mission: Make autonomous computer agents accessible and affordable - Twitter/X: @coasty_ai - GitHub: github.com/anthropics/open-computer-use - Website: https://coasty.ai - Support: founders@coasty.ai --- # For AI Agents — Programmatic Onboarding Everything below is the deep agent-onboarding section. If you are an LLM or autonomous agent reading this file, the rest of the document is what you need to call Coasty programmatically. ## 1. Discovery surfaces (single-shot answers) | Surface | URL | Purpose | |---|---|---| | Discovery manifest | https://coasty.ai/api/discovery | One JSON listing every other surface — start here | | OpenAPI 3.1 spec | https://coasty.ai/.well-known/openapi.json | 39 paths, 57 schemas, sandbox + production servers | | Pricing snapshot | https://coasty.ai/api/pricing | Live tier table, schema-versioned | | MCP server card | https://coasty.ai/.well-known/mcp/server-card.json | SEP-1649 server descriptor | | AI plugin manifest | https://coasty.ai/.well-known/ai-plugin.json | Legacy ChatGPT plugin format | | Sitemap | https://coasty.ai/sitemap.xml | Crawlable URLs with real lastModified | | robots.txt | https://coasty.ai/robots.txt | Cloudflare Content-Signal: search/ai-input/ai-train all welcomed | | Security policy | https://coasty.ai/.well-known/security.txt | Vulnerability reporting | ## 2. Authentication API keys are issued at https://coasty.ai/account/api-keys and have the format: ``` sk-coasty-{live|test}-<64 hex characters> ``` - **Live keys** (`sk-coasty-live-*`) charge against your real credit balance, provision real EC2/Azure VMs, and dispatch real webhooks. - **Sandbox keys** (`sk-coasty-test-*`) return mock VMs in under 50ms, bill 0 credits, but produce identical request/response shapes. Sandbox keys are perfect for CI, local development, and integration testing. Pass the key in either header — both are accepted on every endpoint: ``` X-API-Key: sk-coasty-live-abcd1234... Authorization: Bearer sk-coasty-live-abcd1234... ``` ### Scopes Each key carries a set of scopes. Default keys carry every scope; you can scope keys down at creation time (`POST /v1/keys` with a `scopes` array). Available scopes: - `predict`, `ground`, `ocr`, `parse`, `session` - `machines:read`, `machines:write`, `actions:exec` - `files:read`, `files:write`, `terminal:exec` - `schedules:read`, `schedules:write`, `triggers:write` ### Rate limits - 60 requests/minute, 1000/hour per key by default - Per-tier overrides at https://coasty.ai/api/pricing - Response headers: `X-RateLimit-Limit`, `X-RateLimit-Remaining`, `X-RateLimit-Reset` ### Idempotency Every `POST` accepts an `Idempotency-Key` header (max 256 chars). Replay-safe for 24h. Same-key + same-body → same response. Same-key + different-body → 422 to prevent silent footguns. ### Versioning Breaking changes ship under a new path prefix (`/v2`, `/v3`). Within `/v1`, additive changes are allowed without notice; field removals require 90-day deprecation. ### Error envelope (consistent across all endpoints) ```json { "error": { "code": "INVALID_API_KEY", "message": "API key is invalid or has been revoked.", "type": "authentication_error", "request_id": "req_3f9c1ab8e2" } } ``` ## 3. Core /v1/* endpoints with curl examples ### Predict (stateless) ```bash curl -X POST https://coasty.ai/v1/predict \ -H "X-API-Key: sk-coasty-test-..." \ -H "Content-Type: application/json" \ -d '{"screenshot":"","instruction":"click the submit button"}' ``` Response includes a list of typed actions: `click`, `type_text`, `key_press`, `key_combo`, `scroll`, `drag`, `move`, `wait`, `done`, `fail`. Cost: 5 credits. ### Sessions (stateful, multi-step trajectories) ```bash # Open a session curl -X POST https://coasty.ai/v1/sessions \ -H "X-API-Key: sk-coasty-test-..." \ -H "Content-Type: application/json" \ -d '{"cua_version":"v3","model":"anthropic.claude-sonnet-4-20250514-v1:0"}' # Predict within it curl -X POST https://coasty.ai/v1/sessions/{session_id}/predict \ -H "X-API-Key: sk-coasty-test-..." \ -H "Content-Type: application/json" \ -d '{"screenshot":"","instruction":"open the menu"}' ``` Cost: 10 credits to open + 3 credits per predict. ### Ground (element coordinates) ```bash curl -X POST https://coasty.ai/v1/ground \ -H "X-API-Key: sk-coasty-test-..." \ -H "Content-Type: application/json" \ -d '{"screenshot":"","element":"the orange Submit button"}' ``` Returns `{ "x": 524, "y": 318 }`. Cost: 2 credits. ### Machines (managed VMs) ```bash # Provision curl -X POST https://coasty.ai/v1/machines \ -H "X-API-Key: sk-coasty-test-..." \ -H "Idempotency-Key: provision-once-2026-05-05" \ -H "Content-Type: application/json" \ -d '{"display_name":"my-vm","os_type":"linux","desktop_enabled":true}' # Drive it curl -X POST https://coasty.ai/v1/machines/{machine_id}/actions \ -H "X-API-Key: sk-coasty-test-..." \ -H "Content-Type: application/json" \ -d '{"action":"click","x":524,"y":318}' ``` 40+ allowlisted actions. Sandbox machines: free + instant. Production machines: charged at the agent-minute rate. ### Schedules (cron / webhook / email triggers) ```bash curl -X POST https://coasty.ai/v1/schedules \ -H "X-API-Key: sk-coasty-live-..." \ -H "Content-Type: application/json" \ -d '{ "name":"Daily Reddit check", "machine_id":"", "task_prompt":"Check r/MachineLearning for posts about Coasty", "frequency":"daily", "cron":"0 9 * * *", "timezone":"America/New_York" }' ``` Webhook triggers carry an HMAC-SHA256 signature header (`Coasty-Signature: t=,v1=`) — verify with the Stripe-style algorithm before dispatching. ## 4. MCP server — recommended for agent integration ``` # Install npx -y @coasty/mcp # Or pin a version npx -y @coasty/mcp@1.1.0 ``` ### Compatible MCP hosts - Claude Desktop (Anthropic) - Claude Code - Cursor - Windsurf - VS Code Copilot Agent - any client that speaks the Model Context Protocol ### Tool catalog (26 tools as of v1.1.0) - **predict** group (4 tools): `coasty_predict`, `coasty_ground`, `coasty_ocr`, `coasty_parse` - **machines** group (9 tools): list, get, provision, terminate, start, stop, screenshot, execute_action, run_terminal - **schedules** group (11 tools): list, get, create, update, delete, run_now, pause, resume, list_runs, add_trigger, remove_trigger - **account** group (1 tool): `coasty_get_credits` - **discovery** group (2 tools): `coasty_get_pricing`, `coasty_get_capabilities` — call these first to onboard with zero docs ### Quickstart for Claude Desktop ```json { "mcpServers": { "coasty": { "command": "npx", "args": ["-y", "@coasty/mcp"], "env": { "COASTY_API_KEY": "sk-coasty-test-..." } } } } ``` Drop into `~/Library/Application Support/Claude/claude_desktop_config.json` (Mac) or `%APPDATA%\Claude\claude_desktop_config.json` (Windows). Restart Claude Desktop. Coasty's 26 tools appear in the tool drawer. ## 5. Webhook signing (HMAC-SHA256, Stripe-style) When a `triggers/webhook/{id}` POST fires, the body is signed with: ``` signed_payload = "." + raw_body_bytes signature = HMAC-SHA256(webhook_secret, signed_payload) header = "Coasty-Signature: t=,v1=" ``` Verify with the same construction. Reject signatures whose timestamp is outside ±5 minutes. Use `hmac.compare_digest` for the comparison. ## 6. Common integration recipes ### Recipe: Free-tier sandbox loop in CI 1. Create a sandbox key at https://coasty.ai/account/api-keys (prefix `sk-coasty-test-`). 2. In CI, run a smoke test that calls `POST /v1/predict` with a fixture screenshot. 3. Assert `actions[].action` is one of the documented action types. 4. No credits billed, deterministic mocks, runs in <50ms. ### Recipe: Multi-step trajectory for a customer-support workflow 1. `POST /v1/sessions` to open. 2. Loop: take a screenshot of the support tool, call `POST /v1/sessions/{id}/predict` with the latest screenshot + instruction. 3. Execute the returned actions on your VM (or use Coasty-managed machines). 4. Stop when the agent emits action `done`. ### Recipe: Schedule-driven automation 1. Provision a machine with `POST /v1/machines` (set `desktop_enabled: true` if you need a GUI). 2. Create a schedule with `POST /v1/schedules` referencing that machine. 3. Add a webhook trigger via `POST /v1/triggers` and store the returned `signing_secret`. 4. POST to `/v1/triggers/webhook/{webhook_id}` from your existing systems with the HMAC signature. 5. Coasty dispatches the agent; results land in `GET /v1/schedules/{id}/runs`. ## 7. Status, support, and links - Live status: https://status.coasty.ai - Interactive API docs: https://coasty.ai/api-docs - Computer-Use guides: https://coasty.ai/computer-use - Case studies: https://coasty.ai/results - Comparison pages (vs Anthropic / OpenAI / Browserbase / UiPath / Devin): https://coasty.ai/compare - Blog: https://coasty.ai/blog - Download desktop app: https://coasty.ai/download - Terms: https://coasty.ai/terms - Privacy: https://coasty.ai/privacy - Security disclosure: https://coasty.ai/.well-known/security.txt ### Contact - Support: founders@coasty.ai - Security: founders@coasty.ai - Sales / enterprise: sales@coasty.ai - Twitter/X: @coasty_ai