Hardened by design
Secure defaults, credential handling, and policy boundaries are treated as first-class concerns.
Stable release
Security-first personal AI assistant
Carapace runs local-first, keeps security controls explicit, and gives you auditable behavior across chat channels and guarded local workspace tools. Works through Signal, Telegram, Discord, Slack, webhooks, and console.
Quick start
Run setup, choose your first outcome, then start Carapace:
cara setup
caraWant a quick security comparison? Carapace vs OpenClaw threat-by-threat table .
New here? Follow the full path: Install -> First Run -> Security -> Ops -> Cookbook.
Carapace ships a stable release line for its verified paths. Partial and in-progress areas are called out explicitly in the docs and feature status.
If you are unsure which first path to choose, start with one provider and
local-chat, then add channels after
cara verify --outcome auto passes.
Want a local project assistant? Enable filesystem for one
workspace root and start with the
guarded local project assistant recipe.
Need guided help or evaluating for a team?
Use the public help paths for setup blockers, cookbook gaps, or a small-team evaluation. Keep secrets and sensitive details out of public issues.
Popular walkthroughs
Use task-focused recipes instead of piecing setup together manually.
- 5-minute secure local setup + first reply
- Use Cara with VS Code, JetBrains, chat UIs, and scripts
- Add Carapace to Discord
- Use Cara as a guarded local project assistant
Want a missing recipe? Request one here .
Docs hubs
Guarded local tools
Enable read/search access for explicit workspace roots, then opt into write and move operations only when you want them.
Channel-ready
Integrate with chat and webhook channels while keeping one controlled assistant runtime.
Operator focused
Clear CLI workflows, status surfaces, and logs for practical debugging and day-to-day operations.