Stable release

Security-first personal AI assistant

Private by default
Locked down until you configure access
Secrets kept in OS credential stores
Plugins must be signed and permission-scoped
Subprocesses run with OS sandbox limits
Built-in outbound request protections

Carapace runs local-first, keeps security controls explicit, and gives you auditable behavior across chat channels and tooling integrations. Works through Signal, Telegram, Discord, Slack, webhooks, and console.

Install in minutes Run first setup

Quick start

Run setup, choose your first outcome, then start Carapace:

cara setup
cara

Want a quick security comparison? Carapace vs OpenClaw threat-by-threat table .

New here? Follow the full path: Install -> First Run -> Security -> Ops -> Cookbook.

Carapace ships a stable release line for its verified paths. Partial and in-progress areas are called out explicitly in the docs and feature status.

If you are unsure which first path to choose, start with one provider and local-chat, then add channels after cara verify --outcome auto passes.

Need guided help or evaluating for a team?

Use the public help paths for setup blockers, cookbook gaps, or a small-team evaluation. Keep secrets and sensitive details out of public issues.

Request setup help Team setup / pilot

Popular walkthroughs

Use task-focused recipes instead of piecing setup together manually.

Want a missing recipe? Request one here .

Docs hubs

Hardened by design

Secure defaults, credential handling, and policy boundaries are treated as first-class concerns.

Channel-ready

Integrate with chat and webhook channels while keeping one controlled assistant runtime.

Operator focused

Clear CLI workflows, status surfaces, and logs for practical debugging and day-to-day operations.