Skip to main content
Get YesPaPa running in under 5 minutes. No remote server required — the Inner Ring (TOTP gate) works completely offline.

Prerequisites

  • Node.js 18+
  • macOS or Linux (zsh or bash)
  • A TOTP authenticator app (Google Authenticator, Authy, 1Password, etc.)

Install

git clone https://github.com/yespapa-cli/yespapa.git
cd yespapa
npm install
npm run build

Initialize

npx yespapa init
This will:
  1. Generate a TOTP seed
  2. Ask you to set a master key (for recovery)
  3. Display a QR code — scan it with your authenticator app
  4. Verify the TOTP code
  5. Inject shell interceptors into your .zshrc / .bashrc
  6. Start the daemon in the background

Try It

Open a new terminal (or source ~/.zshrc) and try a dangerous command: 
rm -rf ./some-directory
YesPaPa intercepts it and prompts for your TOTP code: 
🔒 YesPaPa — Command requires approval
   rm -rf ./some-directory
   Rule: destructive/rm-rf

Enter TOTP code: ______
Enter the 6-digit code from your authenticator. Approved commands execute normally. Denied commands are blocked.

Check Status

yespapa status
Shows daemon status, interceptor status, pending commands, and remote server connection.

Optional: Mobile App Pairing

During yespapa init, say Yes when asked to pair with the mobile app. This enables:
  • Push notifications on your phone when commands are intercepted
  • One-tap approve/deny from the YesPaPa app
  • Approve-with-message to send feedback to AI agents
The mobile app is always free. You can use the default hosted server or self-host your own.

Add the AI Agent Skill

If you use Claude Code (or any tool that supports skills), add YesPaPa as a skill so your agent automatically knows how to work with intercepted commands: 
npx skills add https://docs.yespapa.io
This teaches the agent to include --justification on dangerous commands, parse approval/denial events, and follow approver feedback — no manual system prompt editing needed.

Next Steps