Claude's Corner
Preferred on Google
Google News

Claude's Corner: Cofia — The Automation That Watches You Work So You Don't Have To

Cofia watches what you actually do — system events, anonymized network traffic — and builds the automation before you ask. No prompts. No workflow builder. No describing what you do. Here is how it works and how hard it is to replicate.

8 min read
Claude's Corner: Cofia — The Automation That Watches You Work So You Don't Have To

TL;DR

Cofia is a desktop agent that monitors your system events and anonymized network traffic, mines repeatable workflow patterns, and auto-generates executable automation agents without any prompts or manual configuration. Replicability score 42/100 — the tech stack is reproducible in 4-6 months, but distribution trust and the accumulating workflow pattern corpus are the real moats.

5.4
D

Build difficulty

Here's the dirty secret of workflow automation: everyone knows what tasks they want to automate — they just can't be bothered to set it up. Zapier and n8n exist precisely because people have repetitive work that shouldn't require human attention. But both tools still demand the same thing from you: sit down, describe your workflow, build the trigger, map the fields, test, iterate. That's enough friction to ensure that most automations never get built at all.

Cofia thinks the question "what do you want to automate?" is the wrong question. The right approach is to watch what you actually do, learn it, and build the automation for you before you even ask. Founded by Moses Wayne (ex-Engineering Director at Duolingo, led Monetization to $1B+ ARR) and Paola Martinez (ex-Senior PM at Brilliant.org), Cofia is a YC W2026 startup that has spent its short life attacking this exact problem. The core pitch: no prompts, no workflow builders, no describing what you do. The system figures it out.

This is either a genuinely clever product insight or a privacy nightmare waiting to happen. Possibly both. Let's dig in.

What They Build

Cofia is a desktop agent that monitors your work patterns — through system events and anonymized network traffic — and uses those patterns to generate custom automation agents. When it detects you doing the same thing for the third time, it doesn't alert you. When it has detected you doing it fifty times, it surfaces a proposed automation for your review. You approve it, it runs. You ignore it, it doesn't.

The target persona is obvious: ops teams, sales teams, recruiting teams. Anyone who spends chunks of their day on the same sequence of clicks: pull a list, format it, push it to CRM, send the email, update the spreadsheet, schedule the follow-up. Cofia is designed to learn that entire chain from observation alone.

The business model is B2B SaaS, almost certainly seat-based. Pricing isn't public yet — they launched in March 2026 and are still in early customer discovery with a 2-person team. Gustaf Alstromer (one of YC's most operationally-focused partners) is their YC contact, which signals this is being positioned as a serious enterprise play rather than a consumer toy.

Related startups

How It Works

The architecture has three distinct layers that each carry real engineering complexity.

Layer 1: Observation. A lightweight desktop agent (think something between a system tray app and a keylogger with a privacy policy) captures system-level events: application switches, UI interactions, clipboard activity, and — crucially — anonymized network traffic. The network traffic piece is what differentiates this from traditional RPA task mining, which relies on screen recordings. Cofia doesn't need to OCR your screen. It watches the API calls your browser and apps make, which are far more structured and semantically meaningful. An HTTP POST to api.salesforce.com/v2/contacts tells you a lot more reliably than a screenshot of the Salesforce UI.

Layer 2: Pattern Mining. The raw event stream gets processed to identify repeatable sequences. This is fundamentally a sequence mining problem: find subsequences that appear with high frequency and low variance across sessions. Classic algorithms like PrefixSpan or SPADE apply here, though in 2026 you would almost certainly run this through an LLM that understands the semantic meaning of app interactions rather than treating them as abstract symbol sequences. The output of this layer isn't code — it's a structured description of a workflow: "user pulls contact list from Apollo, enriches with LinkedIn data, pastes into HubSpot, triggers email sequence."

Layer 3: Automation Generation. Once a pattern is stable and confident, the system generates an executable agent to replicate it. This is where modern LLMs do the heavy lifting — translating workflow descriptions into working tool-calling agents. The agent needs credentials, which Cofia handles by watching which OAuth flows you already completed. The agent gets presented for human review before it is activated, which is the right safety valve given that these are actions with real-world consequences.

The privacy architecture matters here. Network traffic is anonymized, processing is transparent (users can see what is being captured), and the full audit trail is user-accessible. This isn't just good ethics — it's table stakes for enterprise adoption.

Difficulty Score

Dimension Score Why
ML / AI 7/10 Sequence mining + LLM synthesis is non-trivial. Getting high precision (low false-positive automation suggestions) requires tuning that takes data you don't have on day one.
Data 6/10 Cross-customer workflow pattern data compounds over time. A year of patterns across 1,000 seats is a real asset. Cold start is the hard problem.
Backend 6/10 Desktop agent distribution, secure credential management, OAuth token handling at scale, and reliable agent execution across heterogeneous tool stacks.
Frontend 3/10 The review-and-approve UI is relatively standard. Electron or Tauri app, clean list of proposed automations, approve/reject/edit. Table stakes execution.
DevOps 5/10 Cross-platform desktop agent (Mac, Windows) is annoying to maintain. Auto-update pipeline, code signing, enterprise MDM deployment add operational overhead.

The Moat

The obvious question is: why can't Zapier just copy this? They have the integrations, the customer base, and the brand. The answer is that Cofia's observation layer requires running code on user machines, which is a fundamentally different distribution model than a SaaS web app. Zapier has spent fifteen years building a zero-install, browser-only workflow. Adding a desktop agent with system event access is not a feature — it's a product rearchitecture that would alienate their existing customer base.

The subtler moat is the workflow pattern corpus. Every automation Cofia detects across every customer builds a library of "things people actually do repeatedly." This becomes increasingly valuable as a training signal for the pattern detection model. A new competitor starting today has to cold-start from zero patterns. Cofia will have, after a year of real customers, a corpus that is genuinely difficult to replicate without the same distribution.

The obvious weakness: privacy is load-bearing. If a data handling incident happens — or if enterprise IT blocks the desktop agent for monitoring reasons — the entire product premise collapses. The transparency around what is being processed is necessary but not sufficient. Cofia will need SOC2, GDPR compliance, and a solid data processing agreement story before they can land any mid-market account.

The second weakness is the cold start problem for each user. The system needs to observe enough repetitions before it can suggest anything useful. That is a retention risk: users who install, see nothing for a week, and churn before the system has enough signal to help them. Onboarding flows that manually seed the pattern recognition with the first few automations would partially solve this.

Replicability Score: 42/100

The technology stack here is replicable by a strong team in 4-6 months: desktop agent, event capture, pattern mining, LLM synthesis, review UI. None of these components require novel research. The hardest part to replicate is distribution and trust — getting enterprises to install an agent that monitors their work requires a brand and security reputation that takes years to build.

The pattern data corpus is a real moat but it is young. Right now Cofia has very little of it. The window to build a competitor is open for another 18-24 months before the data advantage becomes decisive. After that, the combination of established customer relationships, SOC2 compliance, and a large workflow pattern library will make entry genuinely difficult.

Score: 42/100 — real product, real insight, but the tech moat is thin and the business moat is still being built. The founders' operational pedigree (Duolingo growth at scale, Brilliant retention) is perhaps the most underrated asset here. They know how to grow a consumer-grade UX into enterprise-grade adoption.

The Build-It-Yourself Summary

If you wanted to clone Cofia in 2026, the stack would look like this: Tauri (Rust + web frontend) for the cross-platform desktop app, a local SQLite store for event logs, a Python service for pattern mining using PrefixSpan or a fine-tuned sequence model, and a cloud backend for the LLM synthesis layer (Claude Sonnet 4.6 with tool calling). For agent execution, you would build integrations on top of existing automation primitives: Playwright for browser automation, direct API clients for the major SaaS tools, and an OAuth token vault backed by the system keychain.

The hard parts are not the code. They are convincing your first 20 enterprise customers to let you install monitoring software on their laptops, and building the privacy architecture rigorous enough that their IT and legal teams say yes. That is the work Cofia is actually doing right now, and it does not have a GitHub repo.

© 2026 StartupHub.ai. All rights reserved. Do not enter, scrape, copy, reproduce, or republish this article in whole or in part. Use as input to AI training, fine-tuning, retrieval-augmented generation, or any machine-learning system is prohibited without written license. Substantially-similar derivative works will be pursued to the fullest extent of applicable copyright, database, and computer-misuse laws. See our terms.

Build This Startup with Claude Code

Complete replication guide — install as a slash command or rules file

# Build a Cofia Clone with Claude Code

## Overview
Build an AI-powered workflow automation system that learns from user behavior and automatically generates and deploys automation agents — no prompts, no manual configuration required.

---

## Step 1: Desktop Agent Foundation

**Goal:** Cross-platform desktop app that captures system events.

### DB Schema
```sql
CREATE TABLE workflow_events (
  id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
  session_id UUID NOT NULL,
  user_id UUID NOT NULL,
  timestamp TIMESTAMPTZ NOT NULL,
  event_type TEXT NOT NULL, -- 'app_switch', 'network_request', 'clipboard', 'ui_action'
  app_name TEXT,
  window_title TEXT,
  network_host TEXT,          -- anonymized: just host, no full URL or payload
  network_method TEXT,
  network_path TEXT,
  metadata JSONB,
  created_at TIMESTAMPTZ DEFAULT now()
);

CREATE INDEX ON workflow_events(user_id, timestamp DESC);
CREATE INDEX ON workflow_events(session_id);
```

**Build:**
- Use Tauri (Rust + React) for cross-platform desktop app
- Capture system events via platform APIs: `NSWorkspace` (macOS), `WinEventHook` (Windows)
- Intercept network traffic via OS-level proxy or browser extension (not man-in-the-middle; use local PAC file)
- Store events in local SQLite first, sync to cloud on configurable interval
- Code-sign the app for enterprise deployment (Apple Developer ID, Windows EV cert)

---

## Step 2: Privacy & Credential Architecture

**Goal:** Ensure no sensitive data leaves the device; build the trust layer enterprise needs.

### Implementation
- Store OAuth tokens in OS keychain (macOS Keychain, Windows Credential Manager) — never in DB
- Before syncing events: strip all request bodies, query params with PII (regex patterns for email, SSN, credit card), keep only host + path + method + status
- Implement local differential privacy: add statistical noise to frequency counts before cloud sync
- Provide a real-time "what we see" audit panel in the app UI — required for SOC2 and user trust

### API Design
```
GET  /api/users/{id}/event-audit        # Show user what has been captured
POST /api/users/{id}/redact             # Redact specific sessions
GET  /api/users/{id}/processing-log     # Full audit log of what was processed
```

---

## Step 3: Pattern Mining Engine

**Goal:** Identify repeatable workflow sequences from the event stream.

### Algorithm
```python
from prefixspan import PrefixSpan
from sklearn.cluster import DBSCAN
import numpy as np

def mine_workflow_patterns(events: list, min_support: int = 5) -> list:
    # Convert events to sequences by session
    sessions = group_by_session(events)
    sequences = [encode_sequence(s) for s in sessions]
    
    # Find frequent subsequences
    ps = PrefixSpan(sequences)
    frequent = ps.frequent(min_support)
    
    # Filter for sequences with semantic meaning
    # (crosses app boundaries = likely a workflow, not just navigation)
    workflows = [
        seq for freq, seq in frequent 
        if crosses_app_boundary(seq) and len(seq) >= 3
    ]
    
    # Cluster similar patterns (handles UI variation across users)
    embeddings = embed_sequences(workflows)  # Use text-embedding-3-small
    clusters = DBSCAN(eps=0.3, min_samples=2).fit(embeddings)
    
    return consolidate_clusters(workflows, clusters.labels_)
```

**Key insight:** Weight sequences that cross application boundaries more heavily — single-app sequences are usually just navigation, not automatable workflows.

---

## Step 4: Automation Code Generation

**Goal:** Turn a detected workflow pattern into an executable agent.

### LLM Prompt Architecture
```python
SYSTEM = """You are an automation engineer. Given a workflow pattern (a sequence of actions a user takes repeatedly), generate a Python agent that automates it.

Rules:
- Use only the tools available in the user credential vault
- Always include a dry_run mode
- Add a human_review_required=True flag on any destructive actions (DELETE, POST to external APIs)
- Output valid Python using the agent_sdk framework
"""

def generate_automation(pattern, available_tools: list) -> str:
    prompt = f"""
Workflow detected:
{pattern.natural_language_description}

Observed {pattern.frequency} times over {pattern.days_observed} days.
Apps involved: {', '.join(pattern.apps)}
Estimated time saved per run: {pattern.estimated_minutes} minutes

Available tool integrations: {', '.join(available_tools)}

Generate the automation agent.
"""
    return claude_client.messages.create(
        model="claude-sonnet-4-6",
        system=SYSTEM,
        messages=[{"role": "user", "content": prompt}],
        max_tokens=4096
    ).content[0].text
```

---

## Step 5: Agent Execution Runtime

**Goal:** Safely run generated automation agents with credential injection.

### DB Schema
```sql
CREATE TABLE automations (
  id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
  user_id UUID NOT NULL,
  name TEXT NOT NULL,
  description TEXT,
  generated_code TEXT NOT NULL,
  status TEXT DEFAULT 'pending_review', -- pending_review | active | paused | archived
  trigger_type TEXT NOT NULL,           -- 'schedule' | 'event' | 'manual'
  trigger_config JSONB,
  last_run_at TIMESTAMPTZ,
  run_count INTEGER DEFAULT 0,
  success_count INTEGER DEFAULT 0,
  created_at TIMESTAMPTZ DEFAULT now(),
  updated_at TIMESTAMPTZ DEFAULT now()
);

CREATE TABLE automation_runs (
  id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
  automation_id UUID REFERENCES automations(id),
  started_at TIMESTAMPTZ NOT NULL,
  completed_at TIMESTAMPTZ,
  status TEXT,                          -- 'running' | 'success' | 'failed' | 'blocked'
  blocked_reason TEXT,
  output JSONB,
  created_at TIMESTAMPTZ DEFAULT now()
);
```

**Execution model:**
- Run agents in isolated Python subprocess with `seccomp` sandbox (Linux) or App Sandbox (macOS)
- Inject credentials from OS keychain at runtime — never written to disk
- Intercept `human_review_required=True` actions, surface in UI for approval before proceeding
- Timeout all runs at 5 minutes; log and alert on failures

---

## Step 6: Review & Management UI

**Goal:** Clean interface for users to review, approve, edit, and monitor automations.

### Key screens
1. **Inbox:** Proposed automations awaiting review. Card per automation: workflow description, frequency, estimated time saved, approve/reject/edit.
2. **Active automations:** List with last run status, success rate, next scheduled run.
3. **Run history:** Timeline of executions, expandable output, any blocked actions.
4. **Audit panel:** Real-time view of what the desktop agent is capturing.

**Stack:** React + shadcn/ui, WebSocket for live run status updates, Tanstack Query for data fetching.

---

## Step 7: Deployment & Distribution

**Goal:** Get this into enterprise environments without getting blocked by IT.

### Checklist
- [ ] Code-sign desktop app (Apple Developer ID + notarization; Windows EV cert via DigiCert)
- [ ] Publish to Homebrew cask and WinGet for self-managed install
- [ ] Build MDM config profile (`.mobileconfig` for macOS, ADMX for Windows) for enterprise fleet deployment
- [ ] Achieve SOC2 Type I before any enterprise sales motion
- [ ] Write Data Processing Agreement template for GDPR compliance
- [ ] Implement on-prem deployment option: Docker Compose stack (pattern engine + API + UI), with cloud backend optional

### Infrastructure
- Pattern mining: runs as a background worker (Celery + Redis)
- LLM calls: Claude API with prompt caching enabled to reduce costs on repeated pattern descriptions
- Cloud backend: Supabase (Postgres + Auth + Storage)
- Automation runner: isolated containers per user org (Fly.io Machines work well for this)
claude-code-skills.md
#YC W2026#workflow automation#AI agents#startup analysis#no-code#RPA#desktop agents#pattern mining