anteroom 1.93.1

Anteroom - your gateway to AI conversation

Anteroom

Your employees are already using ChatGPT. Your compliance team doesn't know.

Give your whole org AI — without giving up control.

Self-hosted AI gateway. Web UI + agentic CLI. Any LLM. No telemetry.
pip install anteroom

Docs • Quick Start • Why Anteroom? • Changelog

---

The backstory

I'm a CTO at a Fortune 500 in a regulated industry where we can't use third-party AI tools — no ChatGPT, no Claude Code, no Cursor, no Copilot. But we can pip install open-source packages.

So I built Anteroom: a self-hosted AI gateway with a polished web UI for everyone on the team and an agentic CLI for developers. It connects to any OpenAI-compatible API — Azure OpenAI, Ollama, LM Studio, or your company's internal endpoint. Zero telemetry, no phone-home — data only goes to the LLM endpoint you choose. Go fully offline with local models.

JPMorgan built a private AI gateway for 250,000 employees. Goldman Sachs built one for 46,500. Anteroom gives every regulated institution the same capability — without a nine-figure technology budget.

---

Why Anteroom?

38% of employees paste confidential data into unauthorized AI tools. Marketing teams, executives, and product owners are the worst offenders — not developers. Shadow AI breaches cost $650K+ per incident.

Cloud-hosted AI sends your data to third parties. Self-hosted chat UIs can't actually do anything. Building a custom platform costs millions.

Anteroom threads the needle:

Problem	Anteroom
"AI tools send our data to the cloud"	Self-hosted. Zero telemetry. Data only goes to the endpoint you choose.
"Chat AI can't actually do things"	Agentic: edits files, runs commands, generates documents, creates presentations
"Our compliance team won't approve it"	OWASP ASVS L2 security, HMAC-chained audit logs, DLP, bash sandboxing
"It only works for developers"	Web UI for everyone + CLI for developers, same governed platform
"We can't control costs at scale"	Token budgets per-request, per-user, per-day
"We're locked into one AI vendor"	Any OpenAI-compatible API — Azure, Ollama, local models
"It takes months to deploy"	pip install anteroom && aroom init — done in 60 seconds

---

Get running in 60 seconds

pip install anteroom
aroom init          # interactive setup wizard
aroom               # web UI at http://127.0.0.1:8080

That's it. No Docker. No database server. No config files required.

Or use the CLI directly:

aroom chat                              # interactive REPL
aroom exec "summarize this PR" --json   # one-shot for scripts

---

Two interfaces, one engine

Everything is shared — conversations, tools, storage, security controls, audit trail. The web UI serves the whole organization. The CLI serves developers who want agentic power tools.

Web UI

A full-featured chat interface with projects, folders, tags, file attachments, canvas panels, inline tool approvals, and four built-in themes. Product owners, executives, compliance officers, and marketing teams use this.

  

  

CLI REPL

An agentic terminal with 12 built-in tools (+ 3 optional MS Office tools), MCP integration, sub-agent orchestration, a skills system, and planning mode — all with Rich markdown rendering.

$ aroom chat

anteroom v1.85.0 — the secure AI gateway
  model: gpt-4o | tools: 12 built-in + 3 MCP | safety: ask_for_writes

> Refactor the auth module to use JWT tokens

  Thinking... (12s)

  I'll break this into steps:
  1. Read the current auth implementation
  2. Design the JWT token flow
  3. Implement and test

  read_file  src/auth.py                        ✓
  read_file  src/middleware.py                   ✓
  edit_file  src/auth.py  (+42 -18)             ✓  ⚠ requires approval
  edit_file  src/middleware.py  (+15 -8)        ✓
  bash       pytest tests/unit/test_auth.py     ✓  12 passed

  Done. Refactored auth to use JWT with RS256 signing.
  See the changes in src/auth.py and src/middleware.py.

>

Exec mode

Non-interactive mode for scripts, CI/CD, and automation:

aroom exec "summarize this PR" --json          # structured output
aroom exec "run tests and fix failures" --timeout 300
echo "review this" | aroom exec - --quiet      # pipe stdin

---

Key capabilities

Agentic, not just chat

The AI reads files, edits code, runs commands, searches your codebase, generates documents, creates presentations, and spawns parallel sub-agents — with safety gates at every step.

Built-in tools: read_file write_file edit_file bash glob_files grep create_canvas update_canvas patch_canvas run_agent ask_user introspect

Optional tools (install with pip install anteroom[office]): docx xlsx pptx — create, read, and edit Word, Excel, and PowerPoint files directly

---

Packs: shareable AI capabilities

Packs are versioned, git-distributed bundles with 7 artifact types: skills, tools, prompts, templates, hooks, configs, and docs. Build a "compliance pack" with regulatory prompts, a "marketing pack" with brand guidelines, a "DevOps pack" with deployment skills — and share them across teams.

aroom pack install https://github.com/example/compliance-pack
aroom pack list

Packs use a 6-layer precedence system (built-in → global → space → project → conversation → runtime) so departments can customize without weakening security controls.

---

Spaces: named workspaces

Spaces bundle repositories, tools, configs, and packs into named workspaces. Different teams, different projects, different configurations — centrally governed.

aroom space create my-project --repo ./frontend --repo ./backend
aroom space switch my-project

---

Enterprise-grade security

Built to OWASP ASVS Level 2 standards. Not bolted on — baked in.

• Tool safety gate: 4 risk tiers, 4 approval modes, 3 permission scopes
• 16 hard-block patterns: Catastrophic commands blocked unconditionally
• Bash sandboxing: Execution timeouts, output limits, path/command blocking, network restrictions
• Prompt injection defense: Trust classification, defensive XML envelopes, tag breakout prevention
• Tamper-evident audit log: HMAC-SHA256 chained JSONL, daily rotation, content redaction, SIEM-ready
• Session hardening: Ed25519 identity, concurrent session limits, IP allowlisting
• Token budgets: Per-request, per-conversation, per-day limits (cost governance at scale)
• Sub-agent isolation: Concurrency, depth, iteration, timeout, and output caps
• Team config enforcement: Lock security settings across the entire organization
• DLP: Configurable data loss prevention rules

---

Works with any LLM

Any endpoint that speaks the OpenAI protocol, plus 100+ providers via LiteLLM:

• Azure OpenAI — your enterprise deployment
• OpenAI — GPT-4o, o1, o3, etc.
• Anthropic — Claude 3.5 Sonnet, Opus, Haiku
• OpenRouter — access 50+ open models (Llama, Mixtral, etc.) with one API key
• Ollama / LM Studio — fully offline, fully private
• vLLM / TGI — self-hosted open models
• Replicate, Together, Cohere, Bedrock — via LiteLLM (pip install anteroom[providers])
• Any OpenAI-compatible API

---

Extensible via MCP

Connect any Model Context Protocol server. Databases, APIs, file systems, internal services — with per-server trust levels and tool filtering.

# config.yaml
mcp_servers:
  - name: internal-tools
    command: npx
    args: ["-y", "@my-org/internal-tools"]
    trust_level: trusted
  - name: external-api
    command: npx
    args: ["-y", "@third-party/api"]
    trust_level: untrusted

---

Planning mode

For complex tasks, the AI explores first, writes a plan, then executes only after you approve. Works in both CLI and web UI.

> /plan build a REST API for user management
  Planning... reading codebase, designing approach

> /plan approve
  Executing plan: 8 steps across 5 files...

---

Knowledge sources

Upload documents (PDFs, DOCX, code) via CLI or web UI drag-and-drop. Text is automatically extracted and indexed for semantic search with local vector embeddings — no external API needed.

pip install anteroom[docs]        # adds PDF/DOCX text extraction
pip install anteroom[embeddings]  # adds local vector search

---

The full picture

Web UI	Conversations, projects, folders, tags, attachments, canvas, themes, keyboard shortcuts
CLI	REPL, one-shot, exec mode, planning, skills, @file references, Rich rendering
Tools	12 built-in + 3 optional office tools + unlimited MCP tools, parallel execution, sub-agents
Packs	7 artifact types, 6-layer precedence, git distribution, lock files, health checks
Spaces	Workspace management, auto-discovery, repository cloning, per-space config overlays
Security	OWASP ASVS L2, CSRF, CSP, HSTS, SRI, rate limiting, DLP, prompt injection defense
Audit	HMAC-SHA256 chained JSONL, daily rotation, content redaction, SIEM integration
Storage	SQLite + FTS5 + optional vector search, fully local, optional SQLCipher encryption
Config	YAML + env vars, ANTEROOM.md conventions, team enforcement, dynamic API key refresh

---

Development

git clone https://github.com/troylar/anteroom.git
cd anteroom && pip install -e ".[dev]"
pytest tests/ -v                    # 6000+ tests
ruff check src/ tests/              # lint
ruff format src/ tests/             # format

Stack: Python 3.10+ • FastAPI • SQLite • Vanilla JS • Rich • prompt-toolkit • OpenAI SDK • MCP SDK

---

Contributing

See CONTRIBUTING.md for architecture overview, dev setup, and contribution guidelines. Packs are the easiest way to contribute — no core changes needed.

---

Apache License 2.0 — free to use, modify, and distribute

An anteroom is the private chamber just outside a larger hall —
a controlled space where you decide who enters and what leaves.

anteroom.readthedocs.io • anteroom.ai