anteroom 1.64.0

Anteroom - your gateway to AI conversation

Anteroom

Your private AI gateway. Self-hosted. Agentic. Secure.

Docs • Quick Start • Changelog • Tutorials

---

What is Anteroom?

Anteroom is a ChatGPT-style web UI and agentic CLI that runs on your machine and connects to any OpenAI-compatible API — OpenAI, Azure, Ollama, LM Studio, or your company's internal endpoint.

Think of it as your private room between you and the AI. Your data never leaves your machine. No cloud. No telemetry. Just pip install and go.

Built for enterprise teams behind firewalls who need agentic AI without sending data to third parties.

Built for developers who want a CLI-first, tool-rich AI workflow they fully control.

Built for anyone who believes their conversations are their own.

---

Get running in 60 seconds

pip install anteroom
aroom init          # interactive setup wizard
aroom               # web UI at http://127.0.0.1:8080

That's it. No Docker. No database server. No config files required.

---

Two interfaces, one brain

Everything is shared — conversations, tools, storage. Start in the web UI, pick up in the terminal. Or live entirely in the CLI. Your choice.

Web UI

A full-featured chat interface with projects, folders, tags, file attachments, canvas panels, inline tool approvals, and four built-in themes.

  

  

CLI REPL

An agentic terminal with 12 built-in tools, MCP integration, sub-agent orchestration, a skills system, and planning mode — all with Rich markdown rendering. Type while the AI works; messages queue automatically.

$ aroom chat

anteroom v1.57.0 — the secure AI gateway
  model: gpt-4o | tools: 12 built-in + 3 MCP | safety: ask_for_writes

> Refactor the auth module to use JWT tokens

  Thinking... (12s)

  I'll break this into steps:
  1. Read the current auth implementation
  2. Design the JWT token flow
  3. Implement and test

  read_file  src/auth.py                        ✓
  read_file  src/middleware.py                   ✓
  edit_file  src/auth.py  (+42 -18)             ✓  ⚠ requires approval
  edit_file  src/middleware.py  (+15 -8)        ✓
  bash       pytest tests/unit/test_auth.py     ✓  12 passed

  Done. Refactored auth to use JWT with RS256 signing.
  See the changes in src/auth.py and src/middleware.py.

>

Exec mode

Non-interactive mode for scripts, CI/CD, and automation:

aroom exec "summarize this PR" --json          # structured output
aroom exec "run tests and fix failures" --timeout 300
echo "review this" | aroom exec - --quiet      # pipe stdin

---

What makes it different

Agentic, not just chat

The AI reads files, edits code, runs commands, searches your codebase, and spawns parallel sub-agents — with safety gates at every step. Not a chatbot. A collaborator.

Built-in tools: read_file write_file edit_file bash glob_files grep create_canvas update_canvas patch_canvas run_agent ask_user introspect

---

Extensible via MCP

Connect any Model Context Protocol server to add tools. Databases, APIs, file systems, custom services — the AI can use them all with the same safety controls as built-in tools.

# config.yaml
mcp_servers:
  - name: internal-tools
    command: npx
    args: ["-y", "@my-org/internal-tools"]
    trust_level: trusted              # trusted = no defensive prompt wrapping
    tools_include:
      - "search_*"
      - "read_*"

  - name: external-api
    command: npx
    args: ["-y", "@third-party/api"]
    trust_level: untrusted            # default — outputs wrapped in defensive envelopes
    tools_exclude:
      - "admin_*"

---

Planning mode

For complex tasks, the AI explores first, writes a plan, then executes only after you approve. No surprises. Works in both CLI and web UI.

CLI:

> /plan build a REST API for user management
  Planning... reading codebase, designing approach

> /plan approve
  Executing plan: 8 steps across 5 files...

Web UI: Check the plan panel when planning is active, approve or reject before execution continues.

---

Enterprise-grade security

Built to OWASP ASVS Level 2 standards. Not bolted on — baked in.

• Tool safety gate: 4 risk tiers, 4 approval modes, 3 permission scopes
• 16 hard-block patterns: Catastrophic commands (rm -rf, fork bombs, disk wipes) blocked unconditionally
• Bash sandboxing: Execution timeouts, output limits, path/command blocking, network/package restrictions
• Prompt injection defense: Trust classification, defensive XML envelopes, tag breakout prevention
• Structured audit log: HMAC-SHA256 chained JSONL for tamper detection, SIEM-ready
• Session hardening: Ed25519 identity, concurrent session limits, IP allowlisting, idle/absolute timeouts
• Token budgets: Per-request, per-conversation, per-day limits (denial-of-wallet prevention)
• Sub-agent isolation: Concurrency, depth, iteration, timeout, and output caps
• Team config enforcement: Lock security settings across team members
• MCP SSRF protection: DNS validation, metacharacter rejection, per-server tool filtering and trust levels

---

Knowledge sources

Upload documents (PDFs, DOCX, code, etc.) via CLI (/upload <path>) or web UI drag-and-drop. Text is automatically extracted from binary formats and indexed for semantic search. Sources persist across conversations and are searchable with local vector embeddings — no API key needed.

pip install anteroom[docs]        # adds PDF/DOCX text extraction
pip install anteroom[embeddings]  # adds local vector search

---

Works with everything

Any endpoint that speaks the OpenAI protocol:

• OpenAI — GPT-4o, o1, etc.
• Azure OpenAI — your enterprise deployment
• Ollama / LM Studio — fully offline
• vLLM / TGI — self-hosted open models
• Any OpenAI-compatible API

---

The full picture

Web UI	Conversations with auto-generated slugs, projects, folders, tags, attachments, canvas, themes, keyboard shortcuts
CLI	REPL, one-shot, exec mode, planning, skills, @file references, Rich rendering, slug-based conversation lookup
Tools	12 built-in + unlimited MCP tools, parallel execution, sub-agent orchestration
Tool Safety	4 risk tiers, 4 approval modes, 16 hard-block patterns, destructive command detection
Bash Sandbox	Execution timeouts, output limits, path/command blocking, network/package restrictions, OS-level sandbox
Prompt Defense	Trust classification, defensive XML envelopes, tag breakout prevention, per-server trust levels
Audit	HMAC-SHA256 chained JSONL, daily rotation, content redaction, SIEM integration
Token Budgets	Per-request, per-conversation, per-day limits with configurable block/warn actions
Storage	SQLite + FTS5 + optional vector search, fully local, no cloud
Security	OWASP ASVS L2, CSRF, CSP, HSTS, SRI, rate limiting, parameterized queries
Identity	Ed25519 keypairs, HMAC-SHA256 session tokens, stable across restarts
Sessions	Memory or SQLite stores, idle/absolute timeouts, concurrent limits, IP allowlisting
Config	YAML + env vars, per-project ANTEROOM.md conventions, team config enforcement, dynamic API key refresh
Teams	Shared databases, team config with enforced fields, project configs with SHA-256 trust, skills system
Deployment	pip install anteroom — one command, no infrastructure

---

Development

git clone https://github.com/troylar/anteroom.git
cd anteroom && pip install -e ".[dev]"
pytest tests/ -v                    # 2900+ tests
ruff check src/ tests/              # lint
ruff format src/ tests/             # format

Stack: Python 3.10+ • FastAPI • SQLite • Vanilla JS • Rich • prompt-toolkit • OpenAI SDK • MCP SDK

---

MIT License

An anteroom is the private chamber just outside a larger hall —
a controlled space where you decide who enters and what leaves.

anteroom.readthedocs.io