AI-in-a-Box
AI-in-a-Box is a self-hosted enterprise AI stack with a React chat/admin UI, Go gateway, Python agent runtime, guardrails, memory, knowledge/RAG, code sandboxing, audit receipts, and model routing for local vLLM or external OpenRouter models.
```bash
git clone --recurse-submodules https://github.com/Mapika/ai-in-a-box.git
cd ai-in-a-box
make bootstrap
make up
```
Open http://localhost.
What Runs
Core Capabilities
| Area | What it does |
|---|---|
| Chat and agents | One adaptive main agent per session, with subagent delegation through the Delegate tool. |
| Tools | Search, scraping, knowledge, memory, code execution, Dify workflows, MCP-backed tools, and user-approved actions. |
| Model routing | OpenAI-compatible inference router with vLLM and OpenRouter backends, usage capture, route metadata, and Langfuse/first-party observability. |
| Memory | Typed memories scoped by tenant, user, agent, and session. Runtime prefetch injects relevant notes before the model runs. |
| Knowledge | Document RAG and wiki storage with tenant, owner, audience, role, and visibility policy checks. |
| Guardrails | Input/output checks, scanner results, optional Constitutional AI, audit logging, and turn-event emission. |
| Code sandbox | Per-session execution containers behind /v1/sandbox/*, with Docker and optional E2B backends. |
| Identity | Keycloak OIDC with PKCE, optional additional issuers, signed X-Aibox-Principal, CapTokens, and service-to-service JWTs. |
| Audit receipts | Hash-chained audit log plus signed turn envelopes, proof exports, /v1/receipts/*, and offline verification. |
Inference Modes
The default no-GPU quickstart uses OpenRouter because it works on ordinary developer machines. For stricter sovereignty, run the GPU profile and route models to local vLLM:
```bash
make up-gpu
```
No data leaves your environment unless you configure an external model provider or other outbound integration.
Reader Paths
- Quickstart: first local startup
- Chat Tutorial: use the primary UI
- Multi-Agent Tutorial: understand Delegate-based subagents
- Model Configuration: configure vLLM and OpenRouter routes
- Authentication: Keycloak, signed principals, CapTokens, and internal auth
- Audit Trail: hash chain, turn envelopes, receipts, and verification
- API Reference: gateway route map and current request shapes