anteroom
Your employees are already using ChatGPT. Your compliance team doesn't know.
Give your whole org AI —
without giving up control.
Self-hosted AI gateway. Web UI + agentic CLI. Any LLM. No telemetry.
pip install anteroom && aroom init The problem
Your employees want AI.
Your compliance team says no.
38% of employees paste confidential data into unauthorized AI tools. Marketing and executives are the worst offenders. Shadow AI breaches cost $650K+ per incident. Blocking doesn't work — people find workarounds.
JPMorgan built a private AI gateway for 250,000 employees. Goldman Sachs built one for 46,500. Those cost tens of millions.
Anteroom is the open-source alternative.
Who it’s for
Not just for developers.
For the entire organization.
Engineering Teams
CLI + Web UIAgentic CLI with 12 built-in tools: file editing, bash, code search, sub-agents, planning mode. The power of Claude Code with any LLM, behind your firewall.
Product Owners & Managers
Web UIDocument drafting, competitive analysis, data summarization, presentation generation. A polished ChatGPT-style interface that actually does things.
Compliance & Risk
Web UIRegulatory research, policy analysis, examination prep. Every AI interaction logged in tamper-evident audit trails. SR 11-7 and FFIEC alignment.
Executives
Web UIStrategic analysis, meeting preparation, document review, presentation creation. AI assistance for the highest-value work — with full control over where your data goes.
CISOs & Security
Approver + UserFull code auditability (Apache 2.0). OWASP ASVS L2. HMAC-chained audit logs. DLP. Team config enforcement. The AI tool your security team actually wants to approve.
Marketing & Communications
Web UIContent drafting, campaign analysis, market research. Department-specific Packs with brand guidelines and compliance guardrails pre-loaded.
Capabilities
Everything a regulated enterprise needs
to run AI on their own terms
Two Interfaces, One Engine
Web UI for everyone. CLI for developers.A polished web UI with 4 themes, canvas panels, projects, folders, and rich rendering for the whole organization. A full agentic CLI with planning mode, sub-agents, and exec mode for developers. Same SQLite database backs both — same security, same audit trail.
- 4 built-in themes
- Canvas side panels
- CI/CD exec mode
- Shared conversation store
Packs
Shareable AI capabilities for every departmentVersioned bundles of skills, tools, prompts, templates, hooks, configs, and docs — distributed via git. Build a compliance pack with regulatory prompts, a marketing pack with brand guidelines, a DevOps pack with deployment skills. Department-specific AI, centrally governed.
- 7 artifact types
- Lock file reproducibility
- Git-native distribution
- 6-layer precedence system
Spaces
Workspaces for teams and projectsA single YAML file that bundles repos, packs, knowledge sources, instructions, and config overlays into a reproducible workspace. One command bootstraps an entire environment. Team config enforcement locks security settings across every user.
- One-command bootstrap
- Team config enforcement
- Hot-reload on file change
- Local override support
Enterprise Security
OWASP ASVS Level 2Security built in from day one. 4-tier tool approval, 16 hard-blocked dangerous patterns, bash sandboxing, IP allowlisting, HMAC-SHA256 chained audit logs, DLP with PII scanning, token budgets, and team config enforcement. Your CISO can audit every line of code.
- HMAC-SHA256 audit chain
- DLP with PII scanning
- Team config enforcement
- Bash sandboxing
Agentic Runtime
12 built-in tools + Office documentsUp to 50 tool iterations per turn with parallel async execution. Spawn sub-agents for complex tasks. Planning mode lets the AI write a step-by-step plan for your approval before executing. Optional Word, Excel, and PowerPoint tools for document generation.
- Planning mode
- Sub-agent orchestration
- Office document tools
- 50 iterations per turn
Any LLM
Your models, your endpoint, your choiceConnects to any OpenAI-compatible API: Azure OpenAI, Ollama, LM Studio, vLLM, or your company's internal endpoint. Use the models your organization has already approved. No new vendor relationship. Fully offline with local models.
- Azure OpenAI
- Ollama / LM Studio
- vLLM / TGI
- Any OpenAI-compatible API
In action
From install to agentic in 60 seconds
$ pip install anteroom && aroom init
Anteroom v1.85.0 installed. Config written to ~/.anteroom/config.yaml
$ aroom pack install anteroom/compliance
Installing @anteroom/compliance v1.0.0...
+ @anteroom/skill/regulatory-research
+ @anteroom/skill/policy-review
+ @anteroom/prompt/ffiec-framework
+ @anteroom/rule/pii-redaction
+ @anteroom/config_overlay/audit-strict
Attached globally. 5 artifacts installed. Lock file updated.
$ aroom space init enterprise-ai
Creating space from anteroom.space.yml...
✓ 3 packs loaded (12 artifacts resolved)
✓ 4 knowledge sources indexed (vector embeddings enabled)
✓ 2 MCP servers connected (8 tools available)
✓ Team config enforced: approval_mode=ask_for_writes
Space ready.
$ aroom
anteroom v1.85.0 | web UI at http://127.0.0.1:8080
model: azure/gpt-4o | space: enterprise-ai
12 tools | 8 skills | audit logging: enabled
Ready for the whole team.Security
Built so your CISO says yes.
Not a checklist — an architecture.
OWASP ASVS Level 2. Every request passes through 8 security layers before reaching the AI.
Every AI interaction logged
Tamper-evident HMAC-SHA256 chained audit logs. Daily rotation, content redaction, SIEM-ready. Your auditors can verify every interaction across every user.
Security settings locked org-wide
Team config enforcement via a single YAML file. Lock approval modes, tool access, token budgets, and DLP rules. No user can override what you protect.
Cost governance at scale
Token budgets per-request, per-user, per-day. Block or warn. No surprise bills, no runaway agents, no denial-of-wallet.
Data loss prevention built in
PII scanning catches emails, SSNs, credit cards before they reach the model. Prompt leak detection. Configurable content filtering rules.
AI actions sandboxed
4-tier tool approval (read/write/execute/destructive). 16 hard-blocked dangerous patterns. Bash sandboxing with network blocking, path restrictions, and execution timeouts.
Full code auditability
Apache 2.0 — fully open source. Your security team can inspect every line. No black box. No vendor lock-in.
Under the Hood
Built for depth, not demos