Your own AI assistant. Private, self-hosted, no hype required.
OpenPalm is two things: a harness and a stack.
The harness runs on your machine — either as a CLI binary or an Electron desktop app. It manages a single directory (~/.openpalm/) that contains plain files you can read and edit:
- Docker Compose files and addon overlays
- Environment variable files (system config, channel secrets, user API keys)
- OpenCode configuration (model, providers, persona)
- AKM configuration (memory, embeddings, knowledge stash)
- Voice and channel configuration
The harness job is unglamorous: download Docker images, place the right content in the right files, and start docker compose up. That's the entire control plane. If you prefer, you can skip the harness entirely and manage those files by hand.
The stack is what the harness runs. At its core:
- An OpenCode assistant in Docker — your AI, talking to whatever model you point it at, with persistent memory and skills via AKM
- A Guardian — the only way in from the outside, enforcing HMAC signatures, replay detection, and rate limiting on every message, with optional fail-closed content validation (heuristic screen + local OpenCode moderator) when enabled
- Optional channel containers — Discord, Slack, API, voice chat, or anything you build — each one just a compose overlay
Official clients are the Electron desktop app and the OpenCode web interface (served directly by the assistant container). Everything else reaches the assistant through a channel → guardian pipeline.
OpenPalm started as a hobby project — a weekend experiment to see if a useful AI assistant could be built on boring, standard tools. Turns out it can. It's now a daily driver, and it keeps getting better.
No proprietary orchestration layer, no magic runtime, no lock-in. Just containers, env files, and compose overlays. If you can run docker compose up, you can run OpenPalm.
0.11.0 is a refactor and simplification release. The architecture is stable — assistant, guardian, channels, and the AKM memory/skills layer all work and are in daily use. This release consolidates the stack layout, removes a lot of incidental complexity, and ships the revised setup wizard.
0.12.x will focus on stabilization and hardening: install/upgrade lifecycle robustness, better error recovery, and closing the remaining rough edges before v1.
If you're running OpenPalm today, 0.11.0 is the release to be on. If you need production stability guarantees, watch for 0.12.x.
- An AI assistant that's yours — Runs on OpenCode, talks to any OpenAI-compatible model (local or remote), and remembers things between sessions.
- Channels — Talk to your assistant through a web chat, an API, Discord, Slack, or build your own adapter.
- Security by default — Every message passes through HMAC-signed verification, replay detection, and rate limiting before it reaches the assistant. The assistant itself has no Docker socket access.
- Plain files all the way down — The stack is Docker Compose files. Config is env files. Addons are compose overlays. No database for state, no hidden config, nothing you can't
cat. - LAN-first — Nothing is exposed to the internet unless you explicitly choose to expose it.
1. Install Docker (with Compose V2) — OpenPalm runs your assistant in Docker containers.
| Platform | Get Docker |
|---|---|
| Mac | Docker Desktop or OrbStack |
| Windows | Docker Desktop |
| Linux | Docker Engine (curl -fsSL https://get.docker.com | sh) |
2. Download the OpenPalm desktop app — Recommended for most users.
| Platform | Download | Run |
|---|---|---|
| Mac (Apple Silicon) | OpenPalm‑arm64‑mac.zip | Unzip → drag OpenPalm.app to Applications |
| Mac (Intel) | OpenPalm‑x64‑mac.zip | Unzip → drag OpenPalm.app to Applications |
| Windows | OpenPalm‑win.zip | Unzip → run OpenPalm.exe (portable, no install) |
| Linux | OpenPalm.AppImage | chmod +x → run |
Open the app, follow the setup wizard (it'll confirm Docker is running, ask which AI provider to use, and start the stack), and land directly on the chat page. Done.
First launch on macOS/Windows: builds are not code-signed, so there's a one-time security prompt. On macOS, right-click OpenPalm.app → Open the first time (or
xattr -dr com.apple.quarantine OpenPalm.app). On Windows, click More info → Run anyway on the SmartScreen prompt. Subsequent launches are unrestricted.
Advanced / headless install (CLI)
For servers or power users who prefer a CLI:
curl -fsSL https://raw.githubusercontent.com/itlackey/openpalm/main/scripts/setup.sh | bashThis downloads the CLI binary for your platform, seeds ~/.openpalm/, opens the same wizard in your browser, and starts the stack. See the setup guide for the full headless flow and the bare-metal docker compose path.
- Swap models — Point it at OpenAI, Anthropic, Groq, Ollama, LMStudio, or anything OpenAI-compatible.
- Add channels — Enable Discord, Slack, API, or web chat by copying an addon into your stack.
- Extend the assistant — Drop in OpenCode plugins, custom tools, or let the assistant find what they need with built-in AKM support.
- Schedule automations — Add YAML files to run recurring tasks on a cron schedule.
- Protect your secrets — Built-in log redactor masks token/secret/key/password/HMAC values from every service log;
openpalm scanlists which sensitive slots are populated in your env files.
Clients talk to channels. Channels sign messages and send them through the guardian. The guardian validates everything and forwards to the assistant. The assistant does the work. That's it.
For the full walkthrough, see How It Works. For security invariants and architectural rules, see Core Principles.
| Guide | What's inside |
|---|---|
| Setup Guide | Install, update, and troubleshoot |
| Upgrade 0.10.x → 0.11.0 | Upgrade an existing install: file/env/port migration |
| How It Works | Architecture and data flow |
| Managing OpenPalm | Config, addons, secrets, automations |
| Core Principles | Security invariants and design rules |
| Community Channels | Build your own channel adapter |
| Full docs index | Everything else |
OpenPalm is open source under MPL-2.0. Contributions are welcome — just know that things move fast right now and the architecture is still settling. Check out the docs index to get oriented, and don't hesitate to open an issue if something breaks or doesn't make sense.