* fix(calendar): trust operator CA bundle in CalDAV test_connection The pre-flight test used httpx with trust_env=False, which ignored SSL_CERT_FILE/REQUESTS_CA_BUNDLE. Self-signed CalDAV servers that the real sync accepts (via caldav lib → requests → honors bundle) were rejected by the test with CERTIFICATE_VERIFY_FAILED. Build an explicit SSL context that loads the operator's CA bundle and clears VERIFY_X509_STRICT (which rejects certs without a keyUsage extension — common in self-signed setups). SSRF guards (follow_redirects=False, trust_env=False) are preserved. Fixes #4795 Fixes #4779 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(calendar): add regression tests and edge case handling for SSL context Per review: add route-level regression tests covering SSL_CERT_FILE precedence, VERIFY_X509_STRICT clearing, missing bundle graceful fallback, and empty env var handling. Also log a warning when the configured CA bundle path doesn't exist instead of silently falling back to system CAs. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * test(calendar): rewrite SSL tests to exercise route handler directly Addresses review feedback: tests now use FastAPI TestClient to hit the actual test_connection route, capturing the verify= kwarg passed to httpx.AsyncClient. This ensures the route's SSL context construction is covered, not a test-side duplicate. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * ci: retrigger CI (redirect hardening test is a CI-env flake, passes locally) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(tests): remove module-level sys.modules stubs that leaked into other tests The collection-time MagicMock stub of `caldav` replaced the real library for every later test in the same process — test_caldav_redirect_hardening's DAVClient became a mock that never sent the PROPFIND, failing its must-reach-the-public-server assertion in CI. conftest already pre-imports the real sqlalchemy/core.database, and the route's lazy imports are patched per-request, so the stub block was both harmful and unnecessary. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> * test(calendar): verify exact CA bundle precedence --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Co-authored-by: Alexandre Teixeira <alexandremagteixeira@gmail.com>
A self-hosted AI workspace for chat, agents, research, documents, email, notes, calendar, and local model workflows.
Quick Start · Setup Guide · Contributing · Roadmap
Quick Start
devis the default branch and gets the newest changes first. Usemainif you want the more curated branch.
git clone https://github.com/pewdiepie-archdaemon/odysseus.git
cd odysseus
cp .env.example .env
docker compose up -d --build
Open http://localhost:7000 when the containers are healthy. The first admin password is printed in docker compose logs odysseus.
Native installs, GPU notes, Windows/macOS instructions, HTTPS, and configuration live in the setup guide.
Features
- Chat + Agents — local/API models, tools, MCP, files, shell, skills, and memory.
- Cookbook — hardware-aware model recommendations, downloads, and serving.
- Deep Research — multi-step web research with source reading and report generation.
- Compare — blind side-by-side model testing and synthesis.
- Documents — writing-first editor with AI edits, suggestions, Markdown, HTML, CSV, and syntax highlighting.
- Email — IMAP/SMTP inbox with triage, tags, summaries, reminders, and reply drafts.
- Notes, Tasks + Calendar — reminders, todos, scheduled agent tasks, and CalDAV sync.
- Extras — gallery/image editor, themes, uploads, web search, presets, sessions, and 2FA.
Demo
A full hover-to-play tour lives on the landing page: docs/index.html.
Contributing
Help is welcome. The best entry points are fresh-install testing, provider setup bugs, mobile/editor polish, docs, and small focused refactors. See CONTRIBUTING.md and ROADMAP.md.
Security
Odysseus is a self-hosted workspace with powerful local tools. Keep auth enabled, keep private data out of Git, and do not expose raw model/service ports publicly. Deployment details are in the setup guide.
Star History
License
AGPL-3.0-or-later -- see LICENSE and ACKNOWLEDGMENTS.md.

