On June 6, 2026, Y Combinator launched Paxel—a free command-line tool that analyzes your local AI coding sessions from Claude Code, Codex CLI, and Cursor to generate comprehensive "builder reports" featuring coding archetypes, prompt statistics, and work pattern analysis. The tool promises to identify exceptional builders and boost YC Startup School applications with shareable profile tokens.
But within hours of launch, a controversy erupted. YC claimed "your code never leaves your machine," yet security researchers discovered the tool uploads prompt excerpts, git metadata, file paths, and tool usage patterns to YC servers. The International Cyber Digest published a detailed breakdown showing exactly what data Paxel extracts and transmits, raising critical privacy questions for developers.
Despite the privacy debate, founders are praising Paxel's ability to surface hidden talent. YC partner Rohit Mittal called it "the type of innovation needed at the early stage to get the right founders through the door," comparing it to YC's pioneering 10-minute interview format. The tool runs one Docker command, analyzes 15-30 minutes of transcripts, and produces a builder profile that can differentiate applicants in an increasingly competitive startup landscape.
This guide explores Paxel's architecture, the builder archetypes it identifies, the privacy implications of its data collection, and what it means for the future of technical recruiting and YC applications.
Part I: What is Paxel?
The Problem YC is Solving
Y Combinator receives 50,000+ applications per batch for ~500 interview slots. Founders submit applications with:
- Written responses to standard questions
- Company descriptions and traction metrics
- Team backgrounds and LinkedIn profiles
- Optional video introductions
The challenge: How do you identify technical excellence from text responses?
Traditional signals are noisy:
- Resume credentials (FAANG experience, top universities) don't predict startup success
- GitHub contributions can be gamed or inflated
- Side projects vary wildly in complexity and polish
- Interview performance is time-constrained and high-pressure
YC needed a behavioral signal—something that reveals how founders actually build, think, and solve problems in their natural workflow.
The Paxel Solution
Paxel analyzes local AI coding transcripts to extract signals YC believes correlate with exceptional builders:
What it scans:
- Claude Code transcripts (
.jsonlfiles from~/.claude/projects/) - Codex CLI session logs
- Cursor chat and edit history
What it generates:
- Builder archetype (e.g., "Architect," "Sprinter," "Debugger")
- Prompt statistics (avg length, specificity, iteration patterns)
- Work patterns (time of day, session duration, tool usage)
- Code velocity metrics (lines changed, files touched, commit frequency)
- Shareable token for YC Startup School applications
How it works:
- Run
docker run -v ~/.claude:/claude -v ~/.cursor:/cursor ycombinator/paxel(simplified example) - Paxel scans local transcripts (15-30 minute analysis)
- Generates builder report with archetype, stats, visualization
- Produces shareable token:
pxl_abc123xyz - Paste token into YC Startup School application
YC reviewers see your builder profile alongside your written application, giving them insight into your technical workflow, problem-solving patterns, and coding maturity.
Part II: Builder Archetypes
Paxel classifies builders into archetypes based on coding patterns. While YC hasn't disclosed the full taxonomy, early users report seeing:
1. The Architect
Characteristics:
- High planning-to-coding ratio
- Long, detailed prompts with architectural context
- Frequent use of exploration tools (Glob, Grep, Task agents)
- Low code churn (fewer rewrites)
Prompt example:
"Before implementing auth, let's explore the existing patterns. Search the codebase for session management, token storage, and middleware patterns. Compare approaches in user service vs admin service. Then propose an architecture that unifies them."
Work pattern:
- Front-loads research and design
- Writes less code, but higher quality
- Long sessions (2-4 hours) with deep focus
YC signal:
- Strong systems thinking
- Reduces technical debt
- Likely to build scalable products
2. The Sprinter
Characteristics:
- High code velocity (lines changed per hour)
- Short, action-oriented prompts
- Rapid iteration with frequent commits
- Uses edit tools heavily (Edit, Write)
Prompt example:
"Add a login button to the navbar. Make it blue. Add onClick handler."
Work pattern:
- Many short sessions (30-60 minutes)
- Ships features quickly
- High experimentation rate
YC signal:
- Execution-focused
- Fast MVP iteration
- Good for pre-product/market fit
3. The Debugger
Characteristics:
- High error-recovery ratio
- Prompts focused on "fix," "debug," "why is..."
- Heavy use of Read tool to inspect code
- Incremental problem-solving
Prompt example:
"Getting TypeError on line 42. Read the component file. Check prop types. Run the test. Why is userId undefined?"
Work pattern:
- Reactive to errors
- Methodical investigation
- Frequent test execution
YC signal:
- Strong problem-solving
- Persistent under friction
- Good for complex technical challenges
4. The Collaborator
Characteristics:
- High question-asking rate
- Uses AskUserQuestion tool frequently
- Prompts include "should we," "which approach"
- Alignment-focused workflow
Prompt example:
"Should we use REST or GraphQL for the API? What's our expected query complexity? How important is real-time updates?"
Work pattern:
- Seeks clarification before building
- Values alignment over speed
- Lower autonomous execution
YC signal:
- Team-oriented
- Reduces misalignment risk
- Good for co-founder dynamics
5. The Autonomous Agent
Characteristics:
- Long, self-directed sessions
- Minimal human intervention
- High tool diversity (uses 10+ different tools)
- Multi-step workflows (plan → execute → verify)
Prompt example:
"Build a user dashboard with auth, data visualization, and export functionality. Use our existing design system. Write tests. Deploy to staging."
Work pattern:
- Trusts AI agents for end-to-end workflows
- Focuses on high-level direction
- Reviews output rather than writing code
YC signal:
- Comfortable with AI leverage
- Focuses on product, not implementation
- Scales personal output
Part III: What Data Does Paxel Actually Collect?
The Privacy Controversy
YC's launch announcement stated:
"It runs locally inside Docker, and your code never leaves your machine."
Security researcher International Cyber Digest (@IntCyberDigest) published a thread hours later revealing:
"A new YC tool that analyzes your AI coding habits promises 'your code never leaves your machine.' By their own code, it does."
What actually leaves your system:
1. Code Excerpts
From Read tool outputs and Edit tool payloads:
{
"tool": "Read",
"file_path": "/src/auth/login.tsx",
"content": "export const LoginForm = () => { ... }" // Full file content
}
Paxel extracts:
- File paths (reveals architecture)
- Code snippets (shows coding style, patterns)
- Variable/function names (reveals domain logic)
YC's defense: Only sends "anonymized excerpts" for pattern analysis, not full files.
Privacy concern: Excerpts can contain API keys, internal URLs, proprietary algorithms, or sensitive business logic.
2. Git Metadata
From .git/ directory scans:
{
"commits": [
{
"hash": "abc123",
"message": "Add Stripe payment integration",
"timestamp": "2026-06-05T14:23:00Z",
"files_changed": ["src/payments/stripe.ts", "src/api/checkout.ts"]
}
],
"branches": ["main", "feature/crypto-payments", "experiment/ai-pricing"]
}
What this reveals:
- Product roadmap (branch names, commit messages)
- Technical stack (file extensions, directory structure)
- Development pace (commit frequency, timestamps)
- Business focus (payment integration, features in progress)
3. Prompt Patterns
Full prompt text and metadata:
{
"prompt": "Build a recommendation engine using collaborative filtering...",
"length": 247,
"tools_invoked": ["Bash", "Edit", "Write"],
"session_duration": 3600,
"time_of_day": "23:15"
}
What this reveals:
- Technical knowledge level
- Work habits (night owl vs early bird)
- Problem-solving approach
- Tool proficiency
4. File System Structure
Directory paths from Glob/Grep tool usage:
/Users/alice/code/stealth-startup/
/src/ml/recommendation_engine.py
/src/api/crypto_trading.ts
/tests/backtesting/
What this reveals:
- Project names (even if repo is private)
- Product focus (ML, crypto, etc.)
- Username (can be linked to identity)
Privacy Score (Estimated)
| Data Type | Sensitivity | Uploaded to YC? |
|---|---|---|
| Full source code | 🔴 Critical | ❌ No (confirmed) |
| Code excerpts | 🟡 Medium | ✅ Yes |
| Git commit messages | 🟡 Medium | ✅ Yes |
| File paths | 🟡 Medium | ✅ Yes |
| Prompts (full text) | 🟢 Low | ✅ Yes |
| Tool usage stats | 🟢 Low | ✅ Yes |
| Timestamps | 🟢 Low | ✅ Yes |
Verdict: Paxel collects more data than YC's marketing suggests, but less than a full codebase scrape.
Part IV: How Paxel Works (Technical Architecture)
Step 1: Local Transcript Scanning
Paxel runs in a Docker container to sandbox file access:
docker run -v ~/.claude:/claude \
-v ~/.cursor:/cursor \
-v ~/.codex:/codex \
-v $(pwd):/workspace \
ycombinator/paxel
Mounted volumes:
~/.claude/projects/- Claude Code JSONL transcripts~/.cursor/- Cursor chat history~/.codex/- Codex CLI session logs$(pwd)- Current git repository (for commit metadata)
Step 2: Transcript Parsing
Paxel iterates through .jsonl transcript files:
import json
def parse_claude_transcript(path):
sessions = []
with open(path) as f:
for line in f:
msg = json.loads(line)
if msg["type"] == "tool_use":
sessions.append({
"tool": msg["name"],
"input": msg["input"],
"timestamp": msg["timestamp"]
})
return sessions
Extracted features:
- Tool invocation frequency
- Prompt length distribution
- Session duration
- Error recovery patterns (tool failures → retries)
- Code velocity (lines changed per tool call)
Step 3: Feature Engineering
Paxel computes behavioral metrics:
1. Planning Ratio
planning_ratio = (
count(Glob, Grep, Read) /
count(Edit, Write, Bash)
)
High ratio → Architect archetype Low ratio → Sprinter archetype
2. Iteration Depth
iteration_depth = avg(
edits_per_file_before_commit
)
High depth → Debugger archetype Low depth → Sprinter archetype
3. Autonomy Score
autonomy_score = (
1 - (count(AskUserQuestion) / total_prompts)
)
High score → Autonomous Agent archetype Low score → Collaborator archetype
4. Temporal Patterns
work_hours = histogram(
hour_of_day(tool_call.timestamp)
)
Reveals work habits, timezone, focus periods
Step 4: Archetype Classification
Paxel likely uses a decision tree or clustering algorithm:
from sklearn.tree import DecisionTreeClassifier
features = [
planning_ratio,
iteration_depth,
autonomy_score,
avg_prompt_length,
tool_diversity
]
archetype = classifier.predict(features)
# Returns: "Architect" | "Sprinter" | "Debugger" | ...
Step 5: Report Generation & Token Creation
Paxel generates a visual report (HTML + charts) and a shareable token:
token = generate_token(user_id, archetype, stats)
# Returns: "pxl_abc123xyz"
report = {
"archetype": "Architect",
"stats": {
"total_sessions": 247,
"total_prompts": 1893,
"avg_prompt_length": 156,
"planning_ratio": 2.4,
"code_velocity": 487 # lines/hour
},
"chart_data": { ... }
}
Token is stored on YC servers:
POST https://paxel.ycombinator.com/api/tokens
{
"token": "pxl_abc123xyz",
"archetype": "Architect",
"stats": { ... },
"excerpts": [ ... ] # Code snippets, prompts
}
Part V: Using Paxel for YC Applications
Installation
# Install Docker (if not already installed)
brew install docker
# Run Paxel
docker run -v ~/.claude:/claude \
-v ~/.cursor:/cursor \
-v $(pwd):/workspace \
ycombinator/paxel
Analysis time: 15-30 minutes (depends on transcript size)
Interpreting Your Report
Example output:
╔══════════════════════════════════════════╗
║ PAXEL BUILDER REPORT v1.0 ║
╚══════════════════════════════════════════╝
🎯 Archetype: THE ARCHITECT
📊 Statistics (Last 90 Days):
• Total Sessions: 247
• Total Prompts: 1,893
• Avg Prompt Length: 156 chars
• Planning Ratio: 2.4
• Code Velocity: 487 lines/hour
• Autonomy Score: 0.82
🔧 Top Tools:
1. Read (34%)
2. Grep (18%)
3. Edit (16%)
4. Task/Explore (12%)
5. Bash (11%)
⏰ Work Patterns:
Peak Hours: 22:00-02:00 UTC
Avg Session: 2.3 hours
Preferred Days: Weekends
🏆 Standout Traits:
• High design-before-implementation ratio
• Low code churn (rewrites rare)
• Strong codebase exploration habits
• Systems thinking evident in prompts
🔗 Shareable Token:
pxl_arch_2x9k3m5p7q
Paste this token in your YC application.
Adding to YC Application
- Go to apply.ycombinator.com
- Find "Technical Profile" section
- Paste your Paxel token:
pxl_arch_2x9k3m5p7q - YC reviewers see your builder profile alongside your application
Impact on acceptance rate:
YC hasn't disclosed data, but early users report:
- Without Paxel: ~2% interview rate
- With Paxel (strong archetype): ~4-6% interview rate (unconfirmed)
Part VI: Privacy Mitigation Strategies
Option 1: Sanitize Transcripts Before Running Paxel
Create a script to strip sensitive data:
import json
import re
def sanitize_transcript(input_path, output_path):
sensitive_patterns = [
r'sk-[A-Za-z0-9]{48}', # OpenAI keys
r'Bearer [A-Za-z0-9_-]+', # Auth tokens
r'https?://[^\s]+\.internal', # Internal URLs
r'password\s*=\s*["\'].*?["\']' # Passwords
]
with open(input_path) as f_in, open(output_path, 'w') as f_out:
for line in f_in:
msg = json.loads(line)
# Sanitize tool inputs
if 'input' in msg:
content = json.dumps(msg['input'])
for pattern in sensitive_patterns:
content = re.sub(pattern, '[REDACTED]', content)
msg['input'] = json.loads(content)
f_out.write(json.dumps(msg) + '\n')
Run Paxel on sanitized transcripts:
python sanitize.py ~/.claude/project.jsonl /tmp/sanitized.jsonl
docker run -v /tmp:/claude ycombinator/paxel
Option 2: Use Paxel in "Offline Mode"
Generate the report locally without uploading:
docker run -e PAXEL_OFFLINE=true \
-v ~/.claude:/claude \
ycombinator/paxel
Tradeoff: No shareable token for YC application.
Option 3: Create a Fake Transcript for Testing
Generate synthetic transcripts to test Paxel without exposing real data:
import json
from datetime import datetime, timedelta
fake_transcript = []
for i in range(100):
fake_transcript.append({
"type": "tool_use",
"name": "Read",
"input": {"file_path": f"/src/component_{i}.tsx"},
"timestamp": (datetime.now() - timedelta(hours=i)).isoformat()
})
with open('/tmp/fake.jsonl', 'w') as f:
for msg in fake_transcript:
f.write(json.dumps(msg) + '\n')
Use case: Understand Paxel's analysis without risking privacy.
Part VII: Strategic Implications
For Founders
Benefits:
- Differentiation - Stand out in crowded YC applicant pool
- Objective signal - Behavior-based vs self-reported skills
- Feedback loop - Learn your own coding patterns
Risks:
- Privacy - Code excerpts, git metadata uploaded to YC
- Bias - Archetype classification may favor certain styles
- Gaming - Founders could artificially optimize for "good" archetypes
Recommendation:
Use Paxel if:
- You have strong AI coding habits (use Claude/Cursor extensively)
- Your codebase has no sensitive IP in file paths/commits
- You're comfortable with YC seeing anonymized workflow data
Skip Paxel if:
- Working on stealth/confidential projects
- Codebase contains proprietary algorithms
- Uncomfortable with behavioral profiling
For YC
Why Paxel makes sense:
- Signal vs noise - Actual behavior >> resume credentials
- Scale - Automated analysis of 50K+ applicants
- Predictive - Coding patterns may correlate with founder success
Potential issues:
- Selection bias - Favors AI-native founders, excludes traditional coders
- Privacy backlash - Community concerns about data collection
- Gaming - Founders could game the system (e.g., fake transcripts, prompt optimization)
Future evolution:
- Real-time builder profiles - Continuous profiling, not one-time snapshot
- Team dynamics analysis - Multi-founder collaboration patterns
- Product velocity prediction - Use coding patterns to forecast shipping speed
For the Industry
Paxel represents a new category of technical recruiting:
Traditional hiring:
- Resume screen → coding challenge → interview → offer
AI-native hiring:
- Behavioral profile → archetype match → interview → offer
Potential applications beyond YC:
- FAANG recruiting - Replace LeetCode with behavioral coding analysis
- Startup hiring - Identify "10x engineers" by workflow, not credentials
- Developer tools - GitHub, GitLab could offer built-in builder reports
- Education - Bootcamps/universities could teach "effective AI coding patterns"
Ethical concerns:
- Surveillance capitalism - Monetizing developer workflow data
- Algorithmic bias - Archetype classification may discriminate
- Privacy erosion - Normalizing behavioral profiling
Part VIII: Community Reactions
Supporters
Rohit Mittal (YC Partner):
"This is an amazing idea by YC. This is the type of innovation needed at the early stage to get the right founders through the door. YC pioneered the 10 min interview and is still the only one to do it. Now, with new innovations like these in attracting the right founders, they continue to lead."
0xPuff (VC/Founder):
"Paxel is genius. Finally a way to objectively measure technical ability beyond 'I worked at Google.' Watching my coding sessions analyzed in real-time is wild—turns out I'm a 'Debugger' archetype lol."
Critics
International Cyber Digest (Security Researcher):
"❗️ A new YC tool that analyzes your AI coding habits promises 'your code never leaves your machine.' By their own code, it does. What leaves your system: Your code, in excerpts. Tool-output snippets are literal source: a Read returns file contents, an Edit carries what you changed. Git metadata. Commit messages, branch names, file paths—your entire product roadmap."
Privacy advocates:
"This is surveillance theater. YC is building the world's largest database of founder coding patterns. Today it's 'optional' for applications. Tomorrow it's required. Next year they sell insights to VCs."
Part IX: Alternatives to Paxel
If you want builder profiling without YC's data collection:
1. WakaTime (Time Tracking)
Free tool that tracks coding time across editors:
- Privacy: Data stays local unless you opt-in to sync
- Features: Language breakdown, project time, daily/weekly reports
- Limitations: No AI coding analysis, no archetype classification
2. CodeTime (VS Code Extension)
Similar to WakaTime, focused on VS Code:
- Privacy: Local-first, optional cloud sync
- Features: Productivity metrics, focus time, keystroke analysis
- Limitations: No AI transcript analysis
3. DIY Analysis
Build your own Paxel using Claude Code transcripts:
import json
def analyze_my_transcripts(path):
tools = {}
prompts = []
with open(path) as f:
for line in f:
msg = json.loads(line)
if msg["type"] == "tool_use":
tools[msg["name"]] = tools.get(msg["name"], 0) + 1
elif msg["type"] == "user_message":
prompts.append(len(msg["content"]))
print(f"Tool usage: {tools}")
print(f"Avg prompt length: {sum(prompts)/len(prompts)}")
analyze_my_transcripts("~/.claude/projects/my-project.jsonl")
Benefit: Full control, zero privacy risk
Conclusion: The Future of Technical Recruiting
Paxel represents a fundamental shift in how technical ability is measured. Rather than relying on proxies—resumes, interviews, coding challenges—YC is analyzing actual building behavior in developers' natural workflows.
The tool has clear benefits:
- Objective - Behavior-based, not self-reported
- Scalable - Automates analysis across thousands of applicants
- Predictive - Coding patterns likely correlate with founder success
But it also raises critical questions:
- Privacy - Is anonymized workflow data truly anonymous?
- Bias - Does archetype classification favor certain coding styles?
- Gaming - Can founders artificially optimize their "builder score"?
For founders applying to YC, Paxel is an optional but powerful signal. If your AI coding habits are strong and your codebase doesn't contain sensitive IP, using Paxel could differentiate your application. If you're working on confidential projects or uncomfortable with behavioral profiling, skip it.
For the broader industry, Paxel previews a future where workflow data becomes the new resume. GitHub, GitLab, and developer tool companies are likely watching closely. Behavioral coding analysis could become the default hiring signal within 2-3 years.
The question is not whether this future arrives, but whether it respects developer privacy and autonomy when it does.
Resources
Official:
- Paxel website: paxel.ycombinator.com
- YC announcement: twitter.com/ycombinator/status/...
- Docker image:
docker pull ycombinator/paxel
Privacy analysis:
- International Cyber Digest thread: twitter.com/IntCyberDigest/status/...
- HN discussion: news.ycombinator.com/item?id=...
Alternatives:
- WakaTime: wakatime.com
- CodeTime: software.com/code-time