Preview release

Security-first personal AI assistant

Private by default
Locked down until you configure access
Secrets kept in OS credential stores
Plugins must be signed and permission-scoped
Subprocesses run with OS sandbox limits
Built-in outbound request protections

Carapace runs local-first, keeps security controls explicit, and gives you auditable behavior across chat channels and tooling integrations. Works through Signal, Telegram, Discord, Slack, webhooks, and console.

Install in minutes Run first setup

Quick start

Run setup, choose your first outcome, then start Carapace:

cara setup
cara

Want a quick security comparison? Carapace vs OpenClaw threat-by-threat table .

New here? Follow the full path: Install -> First Run -> Security -> Ops -> Cookbook.

Carapace is in active preview. Core functionality works today, and feature coverage is expanding.

Popular walkthroughs

Use task-focused recipes instead of piecing setup together manually.

Want a missing recipe? Request one here .

Hardened by design

Secure defaults, credential handling, and policy boundaries are treated as first-class concerns.

Channel-ready

Integrate with chat and webhook channels while keeping one controlled assistant runtime.

Operator focused

Clear CLI workflows, status surfaces, and logs for practical debugging and day-to-day operations.