Documentation
Complete documentation for klaas CLI. Learn how to install, configure, and use klaas for remote access to your AI coding agent sessions.
Introduction to klaas
What is klaas?
klaas is a command-line tool that wraps AI coding agents like Claude Code, Gemini CLI, and Codex CLI, adding remote access capabilities. Start a coding session on your desktop, then monitor progress and send instructions from your phone while grabbing coffee.
Key Features
Real-time Streaming
See terminal output character by character, from any device, as it happens.
Multi-device Access
Start on desktop, check progress from your phone while grabbing coffee.
End-to-End Encrypted
Your terminal sessions are encrypted client-side. Not even the klaas team can read your data.
Multi-Agent Support
Works with Claude Code, Gemini CLI, Codex CLI, GitHub Copilot, Aider, and more.
Permission Notifications
Get notified when your agent needs approval (for supported agents).
Remote Input
Send prompts and approve tool calls from anywhere.
How It Works
┌─────────────────────────────────────────────────────────────────┐
│ Your Machine │
│ │
│ ┌─────────────────────────────────────────────────────────┐ │
│ │ klaas CLI │ │
│ │ │ │
│ │ ┌─────────────┐ ┌─────────────────────────┐ │ │
│ │ │ PTY │─────▶│ Agent CLI or Shell │ │ │
│ │ │ Manager │◀─────│ (Claude, Gemini, Bash…) │ │ │
│ │ └──────┬──────┘ └─────────────────────────┘ │ │
│ │ │ │ │
│ │ │ captures all I/O │ │
│ │ ▼ │ │
│ │ ┌─────────────────────────────────────────────┐ │ │
│ │ │ I/O Multiplexer │ │ │
│ │ └──────┬────────────────────────┬─────────────┘ │ │
│ │ │ │ │ │
│ └──────────┼────────────────────────┼─────────────────────┘ │
│ │ │ │
│ ▼ │ (when attached) │
│ ┌─────────────────┐ │ │
│ │ Local Terminal │ │ │
│ │ (your screen) │ │ │
│ └─────────────────┘ │ │
└───────────────────────────────────────┼─────────────────────────┘
│
│ WebSocket (E2EE)
▼
┌─────────────────┐
│ klaas Cloud │
│ (Cloudflare) │
└────────┬────────┘
│
┌──────────────┼──────────────┐
│ │ │
▼ ▼ ▼
┌──────────────┐ ┌───────────┐ ┌─────────────┐
│ Web Dashboard│ │ CLI Guest │ │Other Clients│
│ (browser) │ │ (E2EE) │ │ │
└──────────────┘ └───────────┘ └─────────────┘- klaas spawns your chosen agent (or a regular shell) inside a pseudo-terminal (PTY)
- All input/output is captured and displayed on your local terminal
- When attached, encrypted output streams to the klaas cloud in real-time
- Access your session remotely from the web dashboard or another CLI as a guest
- For agents with hooks support, permission requests trigger notifications
Installation
Install klaas on macOS, Linux, or Windows in seconds. Choose your preferred installation method below.
macOS, Linux, WSL:
curl -fsSL https://klaas.sh/install.sh | bashWindows PowerShell:
irm https://klaas.sh/install.ps1 | iexWindows CMD:
curl -fsSL https://klaas.sh/install.cmd -o install.cmd && install.cmdVerifying Installation
After installation, verify klaas is working:
klaas --versionQuickstart
Get up and running with klaas in under a minute.
Prerequisites
Before using klaas, ensure you have at least one supported AI coding agent installed:
| Agent | Installation |
|---|---|
| Claude Code | code.claude.com |
| Gemini CLI | ai.google.dev/gemini-cli |
| Codex CLI | openai.com/codex |
| GitHub Copilot | github.com/features/copilot |
| Mistral Vibe | mistral.ai |
| Aider | aider.chat |
| Goose | github.com/block/goose |
| Open Interpreter | openinterpreter.com |
Step 1: Start klaas
Simply run:
klaasIf you have multiple agents installed, klaas displays an interactive selector. Use arrow keys or the shortcut key (shown in brackets) to select your agent.
Step 2: Authenticate
On first run, klaas prompts you to authenticate. A browser window opens automatically. Log in with your klaas account and approve the device. The CLI then receives your credentials securely with end-to-end encryption.
Your credentials are stored in your system keychain (macOS Keychain, Windows Credential Manager, or Linux Secret Service).
Step 3: View Your Session
Open klaas.sh in any browser, log in, and navigate to Sessions. You'll see your active session streaming in real-time.
From the web dashboard, you can:
- Watch terminal output as it happens
- Send text input to your agent
- Approve permission requests (for supported agents)
CLI Commands
Complete reference for all klaas command-line commands.
klaas
The main command to start a new agent session with remote access enabled.
klaas [options] [-- agent-args...]Examples
# Start with auto-detected agent
klaas
# Start with a specific agent
klaas --agent claude
klaas -a gemini
# Start with a named session (for easy reconnection)
klaas --name refactor-tests
klaas -n api-work -a claude
# Resume the previous session
klaas --resume
# Pass arguments through to the agent
klaas -- --model sonnet --allowedTools "Bash(git*)"
klaas -a claude -- -p "Help me refactor this code"Options
| Short | Long | Description |
|---|---|---|
-a | --agent <AGENT> | Select which agent to run (e.g., claude, gemini, codex). |
-h | --help | Show help message. |
-n | --name <NAME> | Set a name for this session. Names must be unique within your organization. Makes it easy to reconnect with klaas connect <name>. |
-r | --resume | Resume the previous session instead of starting a new one. |
-v | --version | Print version information. |
Arguments after -- are passed directly to the agent. This lets you use any flags your agent supports.
klaas uses clear terminology for session roles:
- Host — The CLI instance that started the session and owns the terminal (PTY)
- Guest — Any client connecting to view and interact with a session
The CLI can act as both host (starting sessions) and guest (connecting to existing sessions). The web dashboard and mobile apps act as guests only.
klaas agents
List all installed AI coding agents that klaas can use.
klaas agentsExample Output
Installed agents:
claude - Anthropic Claude Code
gemini - Google Gemini CLI
aider - AiderAgents without any installed binaries are not shown.
klaas connect
Connect to an existing session as a guest. You can specify either a session ID or a session name.
klaas connect <session-id|session-name>Examples
# Connect by session name
klaas connect refactor-tests
klaas connect api-work
# Connect by session ID
klaas connect 01HQXK7V8G3N5M2R4P6T1W9Y0ZWhen connected as a guest, you have full terminal interaction:
- See all terminal output in real-time
- Send keystrokes to the session
- All data is end-to-end encrypted
Session names must be unique within your organization. If you try to start a session with a name that's already in use, you'll be prompted to choose a different name.
klaas sessions
List your available sessions with interactive selection. Navigate with arrow keys and press Enter to connect as a guest.
klaas sessionsExample Output
Your klaas sessions
● refactor-tests ~/projects/myapp 2 minutes ago
01HQXK7V8G3N5M2R4P6T1W9Y0Z attached
api-work ~/work/api 1 hour ago
01HQXK8W9H4O6N3S5Q7U2X0Z1A detached
Use ↑↓ arrows and Enter. Esc to cancel.Sessions with a green dot (●) have an active host connection. Session names are set with klaas -n <name>.
klaas uninstall
Remove klaas from your system.
klaas uninstall [--purge]Options
| Flag | Description |
|---|---|
--purge | Also remove user data (credentials and config) without prompting. |
This command removes:
- The klaas binary
- Cache directory (
~/Library/Caches/klaas/on macOS,~/.cache/klaas/on Linux) - Optionally: user data directory (
~/.klaas/)
klaas upgrade
Upgrade klaas to the latest version.
klaas upgradeAlias: klaas update
This command:
- Checks for the latest version on GitHub releases
- Downloads the appropriate binary for your platform
- Replaces the current installation
klaas automatically checks for new versions and upgrades itself when a new version is available .
Remove klaas from your system.
klaas uninstall [--purge]Options
| Flag | Description |
|---|---|
--purge | Also remove user data (credentials and config) without prompting. |
This command removes:
- The klaas binary
- Cache directory (
~/Library/Caches/klaas/on macOS,~/.cache/klaas/on Linux) - Optionally: user data directory (
~/.klaas/)
Supported Agents
klaas supports multiple AI coding agents out of the box:
| Agent | ID | Shortcut | Hooks Support |
|---|---|---|---|
| Anthropic Claude Code | claude | [A] | Full |
| Google Gemini CLI | gemini | [G] | Full |
| OpenAI Codex CLI | codex | [O] | Partial |
| GitHub Copilot | copilot | [C] | None |
| Mistral Vibe | vibe | [M] | None |
| Aider | aider | - | None |
| Goose | goose | - | None |
| Open Interpreter | interpreter | - | None |
Hooks Support indicates whether klaas can receive notifications when the agent requests permissions: Full = permission requests trigger notifications, Partial = some events supported, None = output streaming only.
Global Flags
Flags that work with any klaas command.
| Short | Long | Description |
|---|---|---|
-h | --help | Show help for the command |
-v | --version | Show klaas version |
Configuration File
Customize klaas behavior with a TOML configuration file.
klaas reads configuration from TOML files in two locations:
- Project-level:
./.klaas/config.toml(in your project directory) - User-level:
~/.klaas/config.toml(in your home directory)
Project-level configuration takes precedence over user-level.
Basic Configuration
# Default agent when multiple are available
default_agent = "claude"
# Only show these agents (even if others are installed)
only = ["claude", "gemini"]
# Or add agents to the built-in list
also = ["my-custom-agent"]
# Disable anonymous analytics (tracks install/upgrade/uninstall
# events with version and platform only, no personal data)
analytics = falseonly and also are mutually exclusive. Use only to restrict to a specific set of agents, or also to add custom agents alongside the built-in ones.
Custom Agent Definitions
Define your own agents with full configuration:
[agents.my-agent]
# Required: command to execute
command = "/path/to/my-agent"
# Required: human-readable name
name = "My Custom Agent"
# Optional: alternative binary names for detection
detect = ["my-agent", "myagent"]
# Optional: default arguments
args = ["--verbose"]
# Optional: hooks type ("claude", "gemini", "codex", or "none")
hooks_type = "claude"
# Optional: single-letter shortcut for interactive selection
shortcut = "X"
# Optional: run through shell (for complex commands)
shell = falseFull Example
# Default agent when multiple are available
default_agent = "claude"
# Only show these agents (even if others are installed)
# Mutually exclusive with `also`
only = ["claude", "gemini"]
# Add custom agents alongside built-in ones
# Mutually exclusive with `only`
also = ["my-custom-agent"]
# Custom agent definitions
[agents.my-custom-agent]
command = "/path/to/my-agent"
name = "My Custom Agent"
detect = ["my-agent", "myagent"] # Binary names to check
hooks_type = "claude" # "claude", "gemini", "codex", or "none"
shortcut = "X" # Single letter for selection menu
shell = false # Run through shell (default: false)
args = ["--verbose"] # Default arguments
# Notification settings
[notifications]
enabled = true
events = ["permission_request", "task_complete"]
# Multi-connection input configuration
[session.input]
mode = "auto-lock" # "host-only", "auto-lock", or "free-for-all"
idle_timeout_ms = 1500 # Lock timeout for auto-lock mode (ms)
# Analytics (tracks install/upgrade/uninstall
# events with version and platform only, no personal data)
analytics = true # Set to false to disableSession Management
Understanding how klaas manages terminal sessions.
Session Lifecycle
When you run klaas, it:
- Authenticates (if needed) using device authorization flow with E2EE
- Detects agents and presents a selection if multiple are installed
- Spawns the agent (or shell) in a pseudo-terminal (PTY)
- Captures all I/O and displays it on your local terminal
- Streams output encrypted to the klaas cloud (when attached)
- Handles remote input from web dashboard or CLI guest connections
Resuming Sessions
Use --resume to continue your previous session:
klaas --resumeThis reconnects to the most recent session rather than starting fresh.
Session Storage
Sessions are stored encrypted on klaas servers. Only you can decrypt them using your account credentials. Session metadata (timestamps, status) is stored in plaintext for functionality.
Remote Access
Access your terminal sessions from anywhere.
Viewing Sessions
- Go to klaas.sh
- Log in with your account
- Navigate to Sessions
- Click on an active session to view it
The terminal view shows real-time output as it happens on your local machine.
Sending Input
From the web dashboard or CLI guest connection, you can:
- Type text: Type and press Enter to send input to the session.
- Approve permissions: When your agent requests permission, a notification appears. Click to approve or deny.
CLI Guest Mode
You can also connect to sessions from another terminal using the CLI:
# List your sessions
klaas sessions
# Connect to a session by name or ID
klaas connect my-sessionGuest connections use the same E2EE as the web dashboard—the server cannot see your session content.
Guest Access
Multiple guests can connect to a session simultaneously (web dashboard, CLI, mobile). Each guest sees real-time output and can send input based on the session's input mode.
- Host attached: Guests can view and send input (based on input mode)
- Host detached: Guests have read-only access (can view history)
See Multi-Connection Input Modes for details on controlling who can type.
Multi-Connection Input Modes
Control how input is handled when multiple clients connect to your session.
When multiple clients connect to the same session (e.g., from your desktop CLI, phone browser, and tablet), you can control who is allowed to send terminal input. Configure this via the [session.input] section in your config file.
Input Modes
| Mode | Description |
|---|---|
host-only | Only the host CLI can send input. Dashboard users can view only. |
auto-lock | First keystroke acquires a lock. Others see who is typing. Lock auto-releases after idle timeout. (default) |
free-for-all | Anyone can send input anytime. Use with caution. |
Auto-Lock Mode (Default)
auto-lock provides the best experience for most use cases:
- Start typing from any connected device to acquire the input lock
- Other clients see a "typing" indicator (e.g., "MacBook Pro typing")
- Continue typing to keep the lock active
- Lock automatically releases after idle timeout (default: 1500ms)
- Any device can then acquire the lock by typing
Configuration
Add to your ~/.klaas/config.toml:
[session.input]
# Input mode: "host-only", "auto-lock", or "free-for-all"
mode = "auto-lock"
# Lock idle timeout in milliseconds (for auto-lock mode)
idle_timeout_ms = 1500Example Configurations
# View-only for dashboard users (most restrictive)
[session.input]
mode = "host-only"
# Auto-lock with longer timeout
[session.input]
mode = "auto-lock"
idle_timeout_ms = 3000 # 3 seconds
# Open input from any client (least restrictive)
[session.input]
mode = "free-for-all"Dashboard Status Indicators
The Dashboard terminal displays the current input status:
| Status | Meaning |
|---|---|
| Ready | You can type (auto-lock mode, no lock held) |
| Typing | You hold the input lock |
| [Name] typing | Another client holds the lock |
| View Only | host-only mode or host disconnected |
| Open | free-for-all mode, anyone can type |
The input mode is set by the host when starting a session and cannot be changed by guests. To change the mode, restart the session with a different configuration.
Security
How klaas protects your terminal data.
End-to-End Encryption
klaas implements end-to-end encryption (E2EE) ensuring that only you can read your terminal sessions—not even the klaas team can decrypt your data.
┌──────────────────────────────────────────────────────────────────┐
│ Your Password │
└──────────────────────────────────────────────────────────────────┘
│
┌────────────┴────────────┐
▼ ▼
┌─────────────┐ ┌─────────────┐
│ Auth Key │ │ Enc Key │
│ (for login) │ │(for crypto) │
└──────┬──────┘ └──────┬──────┘
│ │
▼ ▼
┌─────────────┐ ┌─────────────────────────────┐
│ Server │ │ Master Key (MEK) │
│ verifies │ │ - Stored encrypted on server│
│ login │ │ - Decrypted only on your │
└─────────────┘ │ devices │
└──────┬──────────────────────┘
│
┌────────────────────────┼────────────────────────┐
▼ ▼ ▼
┌───────────┐ ┌───────────┐ ┌─────────────┐
│ Dashboard │ │ CLI │ │Other Clients│
│(password) │ │ (pairing) │ │ │
└───────────┘ └───────────┘ └─────────────┘
Server cannot decrypt your sessions - only your devices can.Key Principles
- Zero-Knowledge Architecture: The server stores only encrypted data and your password-protected master key. Without your password, the data is unreadable.
- Client-Side Encryption: All encryption and decryption happens on your devices. The server never sees plaintext content.
- Multi-Device Access: All authenticated devices share the same master key. The Dashboard uses your password; the CLI pairs securely without needing it.
- Password-Protected Keys: Your master encryption key is encrypted with a key derived from your password. If you forget your password, your data cannot be recovered (by design).
What's Protected
| Data | Protection |
|---|---|
| Terminal output | AES-256-GCM encrypted |
| Terminal input | AES-256-GCM encrypted |
| Session metadata | Plaintext (for functionality) |
| Authentication tokens | Separate (Device Flow + E2EE) |
Credential Storage
klaas stores authentication credentials securely using your operating system's native credential storage:
- macOS: Keychain
- Windows: Credential Manager
- Linux: Secret Service (libsecret)
No sensitive data is written to disk in plain text.