Your local-first AI coding agent. Runs with Ollama (no API keys), edits code, browses the web, automates git/PRs/tests. Multi-LLM swarm mode lets multiple AI models collaborate on your tasks. Enterprise security from day 1.

node

npm install -g codebot-ai && codebot --setup

Works with any LLM — Ollama (local, free), Claude, GPT, Gemini, DeepSeek, Groq, Mistral, Grok.
Web dashboard, VS Code extension, GitHub Action, multi-LLM swarm, and enterprise security built in.

Install & Run

# Install globally
npm install -g codebot-ai

# Launch interactive mode
codebot

# Or run without installing
npx codebot-ai

First run launches the setup wizard — pick your model, paste an API key (or use local LLM), done.

# Local LLM (no API key needed)
ollama pull qwen2.5-coder
codebot --setup       # select "ollama"

# Web dashboard
codebot --dashboard   # opens localhost:3120

# Full autonomous mode
codebot --autonomous "refactor auth module and run tests"

What It Does

Capability	How
Write & edit code	Reads your codebase, makes targeted edits, runs tests
Run commands	Shell execution with security filtering and sandbox support
Browse the web	Controls Chrome via DevTools Protocol — navigate, click, type, screenshot
Search the internet	Real-time web search for docs, APIs, current info
Web dashboard	Sessions, audit trail, metrics, and Command Center at localhost:3120
Schedule routines	Cron-based recurring tasks — monitoring, reports, automation
Persistent memory	Remembers preferences and context across sessions
Enterprise security	RBAC policies, risk scoring, encrypted audit trail, SARIF export
Multi-LLM Swarm	Multiple AI models collaborate using debate, pipeline, fan-out, and more

Multi-LLM Swarm

Launch a swarm of AI agents that collaborate on complex tasks. Mix cloud and local models freely.

codebot --dashboard   # open http://localhost:3120, click "Launch Swarm"

6 Strategies:

Auto — Router analyzes your task and picks the best strategy
Debate — Multiple agents propose solutions and vote on the best
Mixture of Agents — Diverse proposals merged by a synthesizer
Pipeline — Sequential stages: plan → research → code → review → test
Fan-Out — Parallel subtasks gathered and synthesized
Generator-Critic — One agent generates, another critiques, iterate to quality

Supported providers: Anthropic (Claude), OpenAI (GPT), Ollama (local, free), Gemini, DeepSeek, Groq, Mistral, xAI (Grok)

Select providers in the dashboard, type your task, and watch agents stream results in real-time via SSE.

Web Dashboard

Launch with codebot --dashboard or standalone with npx codebot-ai && open http://localhost:3120.

Sessions — Browse and inspect every conversation with message counts and timestamps.

Audit Trail — Cryptographic hash-chained log of every tool execution. One-click chain verification.

Metrics — Session counts, audit events, tool usage breakdown, and activity charts.

Command Center — Interactive terminal, quick actions (git status, run tests, health check), and when connected to the agent: AI chat and tool runner.

8 LLM Providers

Provider	Models
Local (Ollama/LM Studio/vLLM)	qwen2.5-coder, qwen3, deepseek-coder, llama3.x, mistral, phi-4, codellama, starcoder2
Anthropic	claude-opus-4-6, claude-sonnet-4-6, claude-haiku-4-5
OpenAI	gpt-4o, gpt-4.1, o1, o3, o4-mini
Google	gemini-2.5-pro, gemini-2.5-flash, gemini-2.0-flash
DeepSeek	deepseek-chat, deepseek-reasoner
Groq	llama-3.3-70b, mixtral-8x7b
Mistral	mistral-large, codestral
xAI	grok-3, grok-3-mini

export ANTHROPIC_API_KEY="sk-ant-..."    # or any provider
codebot --model claude-sonnet-4-6

Or use a local model with zero API keys:

ollama pull qwen2.5-coder && codebot --provider ollama --model qwen2.5-coder

32 Built-in Tools

Tool	Permission	Description
`read_file`	auto	Read files with line numbers
`write_file`	prompt	Create or overwrite files (undo snapshots)
`edit_file`	prompt	Find-and-replace edits with diff preview
`batch_edit`	prompt	Multi-file atomic find-and-replace
`execute`	always-ask	Run shell commands (security-filtered)
`glob`	auto	Find files by pattern
`grep`	auto	Search file contents with regex
`git`	prompt	Git operations (status, diff, log, commit, branch)
`browser`	prompt	Chrome automation via CDP
`web_fetch`	prompt	HTTP requests and API calls
`web_search`	prompt	Internet search with summaries
`think`	auto	Internal reasoning scratchpad
`memory`	auto	Persistent memory across sessions
`routine`	prompt	Schedule recurring tasks with cron
`code_analysis`	auto	Symbol extraction, imports, outline
`code_review`	auto	Security scanning and complexity analysis
`multi_search`	auto	Fuzzy search: filenames, content, symbols
`task_planner`	auto	Hierarchical task tracking
`diff_viewer`	auto	File comparison and git diffs
`test_runner`	prompt	Auto-detect and run tests (jest, vitest, pytest, go, cargo)
`docker`	prompt	Container management (ps, run, build, compose)
`database`	prompt	Query SQLite databases (blocks destructive SQL)
`http_client`	prompt	Advanced HTTP with auth and headers
`image_info`	auto	Image dimensions and metadata
`pdf_extract`	auto	Extract text and metadata from PDFs
`ssh_remote`	always-ask	Remote command execution via SSH
`notification`	prompt	Webhook notifications (Slack, Discord)
`package_manager`	prompt	Dependency management (npm, yarn, pip, cargo, go)
`app_connector`	prompt	GitHub, Jira, Linear, Slack integrations
`graphics`	prompt	Image processing: resize, crop, watermark, convert
`delegate`	prompt	Multi-agent task delegation

Permission levels: auto = runs silently, prompt = asks first (skipped in --autonomous), always-ask = always confirms.

App Connectors

Connect to external services with OAuth or API keys:

Connector	Capabilities
GitHub	Issues, PRs, repos, code search
Jira	Issues, projects, sprints, transitions
Linear	Issues, projects, teams, cycles
Slack	Messages, channels, users, threads
OpenAI Images	DALL-E generation, editing, variations
Replicate	Run any ML model via API

Credentials stored in encrypted vault (AES-256-GCM).

Security

Built for enterprise from day one:

 Risk Scoring       6-factor risk scoring on every tool call (0-100)
 Encryption         AES-256-GCM encryption at rest
 Audit Trail        SHA-256 hash-chained, tamper-evident logs
 Sandbox            Docker-based execution with network/CPU/memory limits
 RBAC               Declarative JSON policy engine with per-tool permissions
 SARIF Export       GitHub Code Scanning integration
 SSRF Protection    Blocks localhost, private IPs, cloud metadata
 Secret Detection   15+ patterns (AWS keys, tokens, private keys)
 Path Safety        Blocks writes to system directories
 Session Integrity  HMAC-based tamper detection

See SECURITY.md for the full model.

CLI Reference

codebot                                        # Interactive REPL
codebot "fix the bug in app.ts"                # Single task
codebot --autonomous "refactor auth and test"  # Full auto
codebot --continue                             # Resume last session
codebot --dashboard                            # Web dashboard
codebot --tui                                  # Terminal UI (panels)
codebot --doctor                               # Environment health check
echo "explain this error" | codebot            # Pipe mode

All CLI flags

--setup              Run the setup wizard
--model <name>       Model to use
--provider <name>    Provider: openai, anthropic, gemini, deepseek, groq, mistral, xai
--base-url <url>     LLM API base URL
--api-key <key>      API key (or use env vars)
--autonomous         Skip all permission prompts
--resume <id>        Resume a session by ID
--continue, -c       Resume the most recent session
--max-iterations <n> Max agent loop iterations (default: 50)
--tui                Full terminal UI mode
--dashboard          Web dashboard on localhost:3120
--doctor             Environment health checks
--theme <name>       Color theme: dark, light, mono
--no-animate         Disable animations
--no-stream          Disable streaming display
--verbose            Debug output

Interactive commands

/help       Show commands           /model     Show or change model
/models     List supported models   /sessions  List saved sessions
/routines   List routines           /auto      Toggle autonomous mode
/undo       Undo last edit          /usage     Token usage
/clear      Clear conversation      /compact   Force context compaction
/metrics    Session metrics         /risk      Risk assessment history
/config     Show configuration      /doctor    Health checks
/toolcost   Per-tool cost breakdown /rate      Rate limit status
/theme      Switch color theme      /quit      Exit

VS Code Extension

code --install-extension codebot-ai-vscode-2.0.0.vsix

Sidebar chat panel, inline diff preview, status bar (tokens, cost, risk level), theme integration.

GitHub Action

- uses: zanderone1980/codebot-ai/actions/codebot@v2
  with:
    task: review    # or: fix, scan
    api-key: ${{ secrets.ANTHROPIC_API_KEY }}

Programmatic API

import { Agent, AnthropicProvider } from 'codebot-ai';

const agent = new Agent({
  provider: new AnthropicProvider({
    apiKey: process.env.ANTHROPIC_API_KEY,
    model: 'claude-sonnet-4-6',
  }),
  model: 'claude-sonnet-4-6',
  autoApprove: true,
});

for await (const event of agent.run('list all TypeScript files')) {
  if (event.type === 'text') process.stdout.write(event.text || '');
}

Plugins & MCP

Custom tools: Drop .js files in .codebot/plugins/:

module.exports = {
  name: 'my_tool',
  description: 'Does something useful',
  permission: 'prompt',
  parameters: { type: 'object', properties: { input: { type: 'string' } }, required: ['input'] },
  execute: async (args) => `Result: ${args.input}`,
};

MCP servers: Create .codebot/mcp.json:

{
  "servers": [{ "name": "my-server", "command": "npx", "args": ["-y", "@my/mcp-server"] }]
}

Build from Source

git clone https://github.com/zanderone1980/codebot-ai.git
cd codebot-ai
npm install && npm run build
./bin/codebot

Stability

Auto-retry — exponential backoff on network errors, rate limits, server errors
Stream recovery — reconnects if the LLM drops mid-response
Context compaction — smart summarization when hitting context limits
Process resilience — catches unhandled exceptions, keeps the REPL running
1125 tests — comprehensive coverage across agent, tools, security, and dashboard

npm · GitHub · Changelog · Roadmap · Security

MIT — Ascendral Software Development & Innovation

Keywords

FAQs

What is codebot-ai?

Is codebot-ai well maintained?

Package last updated on 07 Mar 2026

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

codebot-ai

CodeBot AI

Zero-dependency autonomous AI agent