open-webui / open-terminal

⚡ Open Terminal A lightweight, self-hosted terminal that gives AI agents and automation tools a dedicated environment to run commands, manage files, and execute code — all through a simple API. Why Open Terminal? AI assistants are great at writing code, but they need somewhere to *run* it. Open Terminal is that place — a remote shell with file management, search, and more, accessible over a simple REST API. You can run it two ways: • **Docker (sandboxed)** — runs in an isolated container with a full toolkit pre-installed: Python, Node.js, git, build tools, data science libraries, ffmpeg, and more. Great for giving AI agents a safe playground without touching your host system. • **Bare metal** — install it with and run it anywhere Python runs. Commands run directly on your machine with access to your real files, your real tools, and your real environment, perfect for local development, personal automation, or giving an AI assistant full access to your actual projects. Getting Started Docker (recommended) That's it — you're up and running at . > [!TIP] > If you don't set an API key, one is generated automatically. Grab it with . Image Variants | | | | | |---|---|---|---| | **Best for** | AI agent sandboxes | Production / hardened | Edge / CI / minimal footprint | | **Size** | ~4 GB | ~430 MB | ~230 MB | | **Bundled tooling** | Node.js, gcc, ffmpeg, LaTeX, Docker CLI, data science libs | git, curl, jq | git, curl, jq | | **Install packages at runtime** | ✔ (has ) | ✘ | ✘ | | **Multi-user mode** | ✔ | ✘ | ✘ | | **Egress firewall** | ✔ | ✔ | ✔ | ** ** and ** ** have the same feature set. Slim uses Debian (glibc) for broader binary compatibility; Alpine uses musl libc and is smaller, but some C-extension pip packages may need to compile from source. > [!NOTE] > Slim and Alpine don't support / . To add packages, extend Dockerfile.slim or Dockerfile.alpine. Updating Then re-run the command above. Bare Metal No Docker? No problem. Open Terminal is a standard Python package: > [!CAUTION] > On bare metal, commands run directly on your machine with your user's permissions. Use Docker if you want sandboxed execution. Customizing the Docker Environment The easiest way to add extra packages is with environment variables — no fork needed: | Variable | Description | |---|---| | | Space-separated list of **apt** packages to install at startup | | | Space-separated list of **pip** packages to install at startup | > [!NOTE] > Packages are installed each time the container starts, so startup will take longer with large package lists. For heavy customization, build a custom image instead. Docker Access The image includes the Docker CLI, Compose, and Buildx. To let agents build images, run containers, etc., mount the host's Docker socket: > [!CAUTION] > Mounting the Docker socket gives the container **full control over the host's Docker daemon**, which is effectively root access on the host machine. Anyone with access to the terminal can pull/run arbitrary containers (including ones), mount host directories, access host networking, and manage all containers on the host. Only do this in fully trusted environments. For full control, fork the repo, edit the Dockerfile, and build your own image: Configuration Open Terminal can be configured via a TOML config file, environment variables, and CLI flags. Settings are resolved in this order (highest priority wins): • **CLI flags** ( , , , etc.) • **Environment variables** ( , etc.) • **User config** — (defaults to ) • **System config** — • **Built-in defaults** Create a config file at either location with any of these keys (all optional): > [!TIP] > Use the system config at to set site-wide defaults for host and port, and the user config for personal settings like the API key — this keeps the key out of / . You can also point to a specific config file: Using with Open WebUI Open Terminal integrates with Open WebUI, giving your AI assistants the ability to run commands, manage files, and interact with a terminal right from the AI interface. Make sure to add it under **Open Terminal** in the integrations settings, not as a tool server. Adding it as an Open Terminal connection gives you a built-in file navigation sidebar where you can browse directories, upload, download, and edit files. There are two ways to connect: Direct Connection Users can connect their own Open Terminal instance from their user settings. This is useful when the terminal is running on their local machine or a network only they can reach, since requests go directly from the **browser**. • Go to **User Settings → Integrations → Open Terminal** • Add the terminal **URL** and **API key** • Enable the connection System-Level Connection (Multi-User) Admins can configure Open Terminal connections for all their users from the admin panel. No additional services required. Multiple terminals can be set up with access controlled at the user or group level. Requests are proxied through the Open WebUI **backend**, so the terminal only needs to be reachable from the server. • Go to **Admin Settings → Integrations → Open Terminal** • Add the terminal **URL** and **API key** • Enable the connection Built-in Multi-User Isolation > [!CAUTION] > Single-container multi-user mode is **not designed for production multi-user deployments**. All users share the same kernel, network, and system resources with no hard isolation boundaries between them. If one user's process misbehaves, it can affect every other user on the system. This mode exists as a lightweight convenience for small, trusted groups — not as a security model you should rely on. For small, trusted deployments you can enable per-user isolation inside a single container: Each user automatically gets a dedicated Linux account with its own home directory. Files, commands, and terminals are isolated between users via standard Unix permissions. API Docs Full interactive API documentation is available at http://localhost:8…