Anteroom - your gateway to AI conversation
Project description
Anteroom
Private AI that actually does things.
Self-hosted AI gateway. Web UI + agentic CLI. Any LLM. No telemetry.
pip install anteroom
Docs • Quick Start • What You Can Do • Changelog
What you can do
Chat securely. Talk to any LLM through a polished web UI or terminal — without sending data to third parties. Connect Azure OpenAI, Ollama, OpenAI, or any OpenAI-compatible endpoint. Go fully offline with local models.
Get real work done. The AI reads files, edits code, runs commands, generates documents, creates presentations, and spawns parallel sub-agents — with safety gates at every step. This isn't just chat.
Share team conventions. Package your team's rules, skills, and config into shareable bundles called packs. Everyone gets the same coding standards, security policies, and prompt templates — automatically.
Get running in 60 seconds
pip install anteroom
aroom init # interactive setup wizard
aroom # CLI REPL (default entry point)
aroom web # web UI at http://127.0.0.1:8080
aroom start # or run in the background — no terminal needed
That's it. No Docker. No database server. No config files required.
Or use the CLI directly:
aroom chat # interactive REPL
aroom exec "summarize this PR" --json # one-shot for scripts
aroom status # check if the server is running
Two interfaces, one engine
Everything is shared — conversations, tools, storage, security controls, audit trail. The web UI serves the whole organization. The CLI serves developers who want agentic power tools.
Web UI
A full-featured chat interface with spaces, folders, tags, file attachments, canvas panels, inline tool approvals, and four built-in themes. Product owners, executives, compliance officers, and marketing teams use this.
CLI REPL
An agentic terminal with 12 built-in tools (+ 3 optional MS Office tools), MCP integration, sub-agent orchestration, a skills system, and planning mode — all with Rich markdown rendering.
$ aroom chat
anteroom v1.85.0 — the secure AI gateway
model: gpt-4o | tools: 12 built-in + 3 MCP | safety: ask_for_writes
> Refactor the auth module to use JWT tokens
Thinking... (12s)
I'll break this into steps:
1. Read the current auth implementation
2. Design the JWT token flow
3. Implement and test
read_file src/auth.py ✓
read_file src/middleware.py ✓
edit_file src/auth.py (+42 -18) ✓ ⚠ requires approval
edit_file src/middleware.py (+15 -8) ✓
bash pytest tests/unit/test_auth.py ✓ 12 passed
Done. Refactored auth to use JWT with RS256 signing.
See the changes in src/auth.py and src/middleware.py.
>
Exec mode
Non-interactive mode for scripts, CI/CD, and automation:
aroom exec "summarize this PR" --json # structured output
aroom exec "run tests and fix failures" --timeout 300
echo "review this" | aroom exec - --quiet # pipe stdin
Key capabilities
Agentic, not just chat
The AI reads files, edits code, runs commands, searches your codebase, generates documents, creates presentations, and spawns parallel sub-agents — with safety gates at every step.
Built-in tools: read_file write_file edit_file bash glob_files grep create_canvas update_canvas patch_canvas run_agent ask_user introspect
Optional tools (install with pip install anteroom[office]): docx xlsx pptx — create, read, and edit Word, Excel, and PowerPoint files directly
Works with any LLM
Any endpoint that speaks the OpenAI protocol, plus 100+ providers via LiteLLM:
- Azure OpenAI — your enterprise deployment
- OpenAI — GPT-4o, o1, o3, etc.
- Anthropic — Claude 3.5 Sonnet, Opus, Haiku
- OpenRouter — access 50+ open models (Llama, Mixtral, etc.) with one API key
- Ollama / LM Studio — fully offline, fully private
- vLLM / TGI — self-hosted open models
- Replicate, Together, Cohere, Bedrock — via LiteLLM (
pip install anteroom[providers]) - Any OpenAI-compatible API
Extensible via MCP
Connect any Model Context Protocol server. Databases, APIs, file systems, internal services — with per-server trust levels and tool filtering.
# config.yaml
mcp_servers:
- name: internal-tools
command: npx
args: ["-y", "@my-org/internal-tools"]
trust_level: trusted
- name: external-api
command: npx
args: ["-y", "@third-party/api"]
trust_level: untrusted
Knowledge sources
Upload documents (PDFs, DOCX, code) via CLI or web UI drag-and-drop. Text is automatically extracted and indexed for semantic search with local vector embeddings — no external API needed.
pip install anteroom[docs] # adds PDF/DOCX text extraction
pip install anteroom[embeddings] # adds local vector search
Planning mode
For complex tasks, the AI explores first, writes a plan, then executes only after you approve. Works in both CLI and web UI.
> /plan build a REST API for user management
Planning... reading codebase, designing approach
> /plan approve
Executing plan: 8 steps across 5 files...
Optional: packs and spaces
These are power features you can adopt when you need them. They're not required to use Anteroom.
Packs: shareable AI capabilities
Packs bundle skills, rules, instructions, and config overlays into versioned, git-distributed packages. Build a "compliance pack" with regulatory rules, a "marketing pack" with brand guidelines, a "DevOps pack" with deployment skills — and share them across teams.
aroom pack install https://github.com/example/compliance-pack
aroom pack list
Spaces: named workspaces
Spaces bundle repositories, tools, configs, and packs into named workspaces. Different teams, different projects, different configurations — centrally governed.
aroom space create my-space --repo ./frontend --repo ./backend
aroom chat --space my-space
Enterprise-grade security
Built to OWASP ASVS Level 2 standards. Not bolted on — baked in.
- Tool safety gate: 4 risk tiers, 4 approval modes, 3 permission scopes
- 16 hard-block patterns: Catastrophic commands blocked unconditionally
- Bash sandboxing: Execution timeouts, output limits, path/command blocking, network restrictions
- Prompt injection defense: Trust classification, defensive XML envelopes, tag breakout prevention
- Tamper-evident audit log: HMAC-SHA256 chained JSONL, daily rotation, content redaction, SIEM-ready
- Session hardening: Ed25519 identity, concurrent session limits, IP allowlisting
- Token budgets: Per-request, per-conversation, per-day limits (cost governance at scale)
- Sub-agent isolation: Concurrency, depth, iteration, timeout, and output caps
- Team config enforcement: Lock security settings across the entire organization
- DLP: Configurable data loss prevention rules
Why Anteroom?
38% of employees paste confidential data into unauthorized AI tools. Marketing teams, executives, and product owners are the worst offenders — not developers. Shadow AI breaches cost $650K+ per incident.
Cloud-hosted AI sends your data to third parties. Self-hosted chat UIs can't actually do anything. Building a custom platform costs millions.
Anteroom threads the needle:
| Problem | Anteroom |
|---|---|
| "AI tools send our data to the cloud" | Self-hosted. Zero telemetry. Data only goes to the endpoint you choose. |
| "Chat AI can't actually do things" | Agentic: edits files, runs commands, generates documents, creates presentations |
| "Our compliance team won't approve it" | OWASP ASVS L2 security, HMAC-chained audit logs, DLP, bash sandboxing |
| "It only works for developers" | Web UI for everyone + CLI for developers, same governed platform |
| "We can't control costs at scale" | Token budgets per-request, per-user, per-day |
| "We're locked into one AI vendor" | Any OpenAI-compatible API — Azure, Ollama, local models |
| "It takes months to deploy" | pip install anteroom && aroom init — done in 60 seconds |
The backstory
I'm a CTO at a Fortune 500 in a regulated industry where we can't use third-party AI tools — no ChatGPT, no Claude Code, no Cursor, no Copilot. But we can pip install open-source packages.
So I built Anteroom: a self-hosted AI gateway with a polished web UI for everyone on the team and an agentic CLI for developers. It connects to any OpenAI-compatible API — Azure OpenAI, Ollama, LM Studio, or your company's internal endpoint. Zero telemetry, no phone-home — data only goes to the LLM endpoint you choose.
JPMorgan built a private AI gateway for 250,000 employees. Goldman Sachs built one for 46,500. Anteroom gives every regulated institution the same capability — without a nine-figure technology budget.
The full picture
| Web UI | Conversations, spaces, folders, tags, attachments, canvas, themes, keyboard shortcuts |
| CLI | REPL, one-shot, exec mode, planning, skills, @file references, Rich rendering |
| Tools | 12 built-in + 3 optional office tools + unlimited MCP tools, parallel execution, sub-agents |
| Packs | 7 artifact types, 6-layer precedence, git distribution, lock files, health checks |
| Spaces | Workspace management, auto-discovery, repository cloning, per-space config overlays |
| Security | OWASP ASVS L2, CSRF, CSP, HSTS, SRI, rate limiting, DLP, prompt injection defense |
| Audit | HMAC-SHA256 chained JSONL, daily rotation, content redaction, SIEM integration |
| Storage | SQLite + FTS5 + optional vector search, fully local, optional SQLCipher encryption |
| Knowledge | RAG over sources and conversations, scoped memory recall, cross-encoder reranker, untrusted-content envelopes |
| Config | YAML + env vars, ANTEROOM.md conventions, team enforcement, dynamic API key refresh |
Development
git clone https://github.com/troylar/anteroom.git
cd anteroom && pip install -e ".[dev]"
pytest tests/ -v # 8400+ tests
ruff check src/ tests/ # lint
ruff format src/ tests/ # format
Local docs: pip install anteroom[docs-serve] && aroom docs serves the full documentation site at http://127.0.0.1:8400.
Stack: Python 3.10+ • FastAPI • SQLite • Vanilla JS • Rich • prompt-toolkit • OpenAI SDK • MCP SDK
Contributing
See CONTRIBUTING.md for architecture overview, dev setup, and contribution guidelines. Packs are the easiest way to contribute — no core changes needed.
Apache License 2.0 — free to use, modify, and distribute
An anteroom is the private chamber just outside a larger hall —
a controlled space where you decide who enters and what leaves.
anteroom.readthedocs.io •
anteroom.ai
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file anteroom-1.166.0.tar.gz.
File metadata
- Download URL: anteroom-1.166.0.tar.gz
- Upload date:
- Size: 4.2 MB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
0681d8a37b93095b64629b172fb93d2dd291f2c8d6369a343cb758b859ca2f5d
|
|
| MD5 |
db350f6b2d998577f99f17123761a399
|
|
| BLAKE2b-256 |
becbbc72463cf75ae5b999d3c1246355249a141e84c511f7963793787ffde0d4
|
File details
Details for the file anteroom-1.166.0-py3-none-any.whl.
File metadata
- Download URL: anteroom-1.166.0-py3-none-any.whl
- Upload date:
- Size: 4.7 MB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
473893c2101cb55dc3ff27bff0ce9cb626b27b139e26a59346f8e4711cb6da39
|
|
| MD5 |
028cdb3a8cb6aa434d792c2db4bcaafd
|
|
| BLAKE2b-256 |
ea1229577b0945eed148014cab67d5064947cc7cab483685d4f01261f6dbeffd
|
