The Rollout desktop app connects a local device to your account. It runs workflow actions that need your machine: shell commands, Claude Code and Codex sessions, browser automation, and anything that should wait for your approval before it executes.

Status: Alpha (features may change).

What it enables

  • Run Command node — run a shell command on a connected device
  • Claude Code node — run a Claude Code task on a connected device
  • Codex node — run a Codex task on a connected device
  • Browser Automation node — run Playwright scripts against Chrome on a connected device; the app keeps a dedicated Chrome profile, so you log into sites once and sessions persist across runs
  • On-device approvals — review sensitive commands on the device before they run
  • Device capabilities — control what each device offers to workflows

All four nodes are also available as tools for agents.

Connect a device

  1. In the app’s Connections tab, add a server and connect. Connections without a saved token open a browser login
  2. Log in (or sign up) in the browser
  3. Choose the workspace the device should work in and confirm the authorization
  4. The browser hands the authorization back to the app, which stores the token in the OS keychain

The device authorization stays bound to the workspace you picked. Use the Test button on a connection to check whether the server is reachable and the token is still valid.

Registered devices appear under Settings → Devices in the web app, where you manage sharing, workflow capabilities, and removal.

Device capabilities

Capabilities are detected on the device; only detected capabilities can be enabled. Toggle them in the app’s Settings tab or on the Device settings page inside the app window:

  • Shell commands
  • Claude Code
  • Codex
  • Browser automation
  • File read
  • File write
  • Filesystem
  • Screenshots
  • Audio

Workflows can only use capabilities enabled for the device. The workspace can further restrict what workflows may use per device under Settings → Devices.

Targeting a device

Each client node has a Device section:

  • Target Device — the user’s default device, any available shared device, or a specific device
  • If No Device Available — fail the step immediately, or queue the command until an eligible device connects
  • Timeout — maximum wait for command completion (10–600 seconds, default 300)

Approvals

  • Client commands require approval on the device by default; each node’s Approval Required setting controls this, including a Never option for trusted automations
  • Set an Approval Message on the node to explain the request in the approval card
  • Approval cards show the command, workflow, and metadata; approve or reject with an optional reason
  • Check “always allow” on an approval card to add a policy that lets matching commands (by command type or workflow name) run without asking; manage policies in the app’s Settings tab
  • The app sends system notifications for new approval requests and finished or failed tasks
  • An optional Approval Timeout on the node fails the step when a prompt goes unanswered

App window and tray

The app lives in the system tray / menu bar:

  • The tray menu shows connection status, pending approvals, running tasks, a Connections submenu for quick server switching, and Open Rollout, Device Settings, Disconnect, and Quit items
  • Tray items open a popover with three tabs: Activity (pending approvals, running tasks, recent tasks), Connections (servers and logins), and Settings (device identity, capabilities, always-allow policies)
  • Open Rollout (or Cmd+Shift+R on macOS) opens the full Rollout app window — dashboard, messages, tasks, projects, and docs — signed in as this device

Security notes

  • Commands require manual approval on the device by default
  • Use specific device targeting for sensitive workflows
  • Tokens are stored in the OS keychain, never in plain files
  • Remove a device under Settings → Devices; it disappears from the workspace until its client re-registers. Disconnect or delete the connection in the app to stop it from executing commands
  • Treat device capabilities like production credentials: enable only what a workflow or agent should use