DEV.co
MCP Servers · ghostwright

ghost-os

Ghost OS is a macOS-native tool that enables AI agents to see and control any application on your computer through the accessibility tree, with optional visual fallback. It learns workflows as reusable JSON recipes, eliminating repetitive reasoning and supporting any macOS app—not just browsers.

Source: GitHub — github.com/ghostwright/ghost-os
1.6k
GitHub stars
152
Forks
Swift
Primary language
MIT
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
Repositoryghostwright/ghost-os
Ownerghostwright
Primary languageSwift
LicenseMIT — OSI-approved
Stars1.6k
Forks152
Open issues9
Latest releasev2.2.1 (2026-03-12)
Last updated2026-03-23
Sourcehttps://github.com/ghostwright/ghost-os

What ghost-os is

Swift-based MCP server that exposes 29 tools for accessibility tree introspection, element interaction (click, type, drag, scroll), and local vision fallback (ShowUI-2B). Captures user actions via CGEvent tap to synthesize learnable recipes. Designed as MCP-compatible interface for Claude Code, Cursor, and VS Code.

Quickstart

Get the ghost-os source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/ghostwright/ghost-os.gitcd ghost-os# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Automating native macOS workflows

Automate Slack messages, Finder operations, email composition, and other native app tasks where screenshots fail but accessibility tree is rich. Agents can repeat learned recipes reliably without recomputing strategy.

Reducing API/vision costs in AI automation

By reading structured accessibility data instead of taking screenshots, reduces reliance on vision models and eliminates per-execution LLM reasoning once a recipe is learned. Significant cost savings for high-frequency tasks.

Building self-improving AI workflows

User demonstrates a task once; Ghost OS captures it as a parameterized, JSON recipe that an agent can reuse or share. Suitable for teams building internal automation that benefits from human teaching moments.

Implementation considerations

  • Requires macOS 14+, Swift 6.2, and MCP client integration (Claude Code, Cursor, VS Code, or compatible). Verify your environment meets these before deployment.
  • Input Monitoring permission must be configured via `ghost setup`. Test on target Macs to ensure permission dialogs are approved; cannot be automated remotely.
  • Vision model (ShowUI-2B) is downloaded during setup. Bandwidth and storage must be accounted for; model size not documented. Verify download succeeds in your network environment.
  • Recipes are JSON—review them before execution to understand all actions your agent will perform. Establish approval workflows if agents run in regulated or sensitive environments.
  • Accessibility tree richness varies by app. Web apps and third-party tools may fall back to vision model. Test critical workflows with your specific app set before relying on this in production.

When to avoid it — and what to weigh

  • You need cross-platform or Windows support — MacOS 14+ only. No Linux or Windows versions documented. If multi-OS is required, this is not suitable.
  • Your workflows depend on third-party vision APIs — Ghost OS uses a local vision model (ShowUI-2B) for fallback. If your compliance or architecture requires cloud-based vision services, this design may conflict.
  • You cannot grant Input Monitoring permission — Recipe learning requires macOS Input Monitoring permission. Restricted endpoints or hardened security policies may prevent setup. Verify permissions can be granted before deployment.
  • You need production-grade uptime guarantees — Project is ~1 month old (created Feb 2026), with 1571 stars but limited real-world deployment data. Not suitable for mission-critical automation without extensive internal testing.

License & commercial use

Licensed under MIT License. Permissive OSI-approved license: allows commercial use, modification, and distribution with attribution. No copyleft obligations. License is unambiguous.

MIT License explicitly permits commercial use. However, project is extremely young (created Feb 2026, latest release March 2026) with limited adoption data and no documented SLAs or commercial support. Assess production readiness independently. Recommended: evaluate as internal tool or pilot with vendor support before critical business reliance.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationStrong
License clarityClear
Deployment complexityLow
DEV.co fitGood
Assessment confidenceMedium
Security considerations

Ghost OS grants AI agents broad control over your Mac via accessibility APIs. Key considerations: (1) Input Monitoring permission enables recording of all keystrokes and mouse events—sensitive in multi-user or shared systems. (2) Recipes are JSON; audit them before running to prevent unintended actions (data exfiltration, credential exposure). (3) MCP client (e.g., Claude Code) must be trusted; Ghost OS has no built-in authentication or access control—an agent can perform any action you can perform. (4) Local vision model and user action data remain on-device, but accessibility tree and recipe parameters may be logged. (5) No explicit security audit, key rotation, or vulnerability disclosure process documented. Assess for your threat model and data sensitivity. Recommended: run on isolated machines or user accounts when automating sensitive workflows.

Alternatives to consider

Anthropic Computer Use (via API)

Screenshot-based; cloud-hosted; works on any platform and app. Trade-off: slower (vision inference cost), less structured data, no recipe learning. Suitable if cross-platform support is critical.

OpenAI Operator

Browser-focused computer use. Cloud-dependent; no native app support; no recipe concept. Lighter-weight if you only need web automation and cost is not a primary concern.

OpenClaw

Browser DOM + accessibility tree; MIT licensed; local execution. Narrower scope (browsers only) but similar philosophy. Consider if you don't need native macOS app automation.

Software development agency

Build on ghost-os with DEV.co software developers

Start with a pilot on non-critical tasks. Review recipes before execution. Assess input monitoring permissions and MCP integration with your environment. Contact our team to discuss production readiness and security posture.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

ghost-os FAQ

Can I use Ghost OS on Windows or Linux?
No. MacOS 14+ only. Relies on macOS accessibility APIs, CGEvent, and other platform-specific frameworks. No cross-platform roadmap documented.
Does Ghost OS send my data to the cloud?
No. Vision model and action data remain local. However, the MCP client (e.g., Claude Code) may send context to external AI services depending on your setup. Verify your MCP client's privacy policy.
Can I share recipes between team members?
Yes. Recipes are JSON files. Share them via Git, internal file storage, or other channels. Each user runs `ghost setup` on their own Mac; recipes are portable.
What happens if the accessibility tree doesn't expose an element?
Ghost OS falls back to ShowUI-2B, a local vision model, for visual grounding. If vision also fails, the agent may not find the element. Test your critical workflows with your app set in advance.

Work with a software development agency

Need help beyond evaluating ghost-os? DEV.co is a software development agency offering software development services and web development for teams of every size. Our software developers and web developers build custom software, web applications, APIs, and mcp servers integrations — and maintain them long-term.

Ready to automate your macOS workflows?

Start with a pilot on non-critical tasks. Review recipes before execution. Assess input monitoring permissions and MCP integration with your environment. Contact our team to discuss production readiness and security posture.