* fix(db): restrict data/app.db to 0600 app.db holds bearer-token hashes, bcrypt password hashes, and encrypted provider keys but was created under the default umask (0644 -> world-readable), unlike .app_key/vault/integrations which are already 0600 via safe_chmod. init_db() now chmods the SQLite file to 0600 right after create_all (POSIX only; no-op on Windows, skipped for Postgres / in-memory). Unconditional and idempotent, so it also re-locks already-deployed 0644 installs on next startup. The transient rollback journal inherits 0600 from the parent file at creation - no sidecar handling needed; -wal/-shm don't exist until WAL is enabled (#4409 C4) and inherit the same mode then. Satisfies Rule B, unblocking #4413 and the vault/integration secret moves. Mirrors src/secret_storage.py:43-45. Verified: security + DB-permission suites pass; 6 pre-existing visual_report failures (missing markdown/nh3 deps) are unrelated. Closes #4407 * fix(db): harden SQLite path parsing and re-lock sidecars Address review feedback on #4420. P2: derive the file to chmod from engine.url (SQLAlchemy's parsed URL) via _sqlite_db_path(), instead of DATABASE_URL.replace("sqlite:///", ""). A driver-qualified URL (sqlite+pysqlite://) or one carrying query args (?cache=shared) previously slipped past the prefix check / string slice and left the DB world-readable; the parsed path resolves correctly and drops the query. P3: re-lock stale -wal/-shm/-journal sidecars to 0o600 at startup. The main file is chmod'd first, so any sidecar SQLite creates afterward inherits 0o600, but a -wal/-shm left world-readable by an older 0o644 install (once WAL was enabled) could still expose DB pages. Absent sidecars are the normal case, not an error. Tests: unit-test _sqlite_db_path across driver/query/memory/postgres URL forms, and a subprocess test asserting stale 0o644 -wal/-shm are re-locked on startup. * fix(db): handle sqlite file URI app db permissions * fix(db): close remaining SQLite permission bypasses --------- Co-authored-by: Ethan <23321960+0xLeathery@users.noreply.github.com> Co-authored-by: Alexandre Teixeira <alexandremagteixeira@gmail.com>
A self-hosted AI workspace for chat, agents, research, documents, email, notes, calendar, and local model workflows.
Quick Start · Setup Guide · Contributing · Roadmap
Quick Start
devis the default branch and gets the newest changes first. Usemainif you want the more curated branch.
git clone https://github.com/pewdiepie-archdaemon/odysseus.git
cd odysseus
cp .env.example .env
docker compose up -d --build
Open http://localhost:7000 when the containers are healthy. The first admin password is printed in docker compose logs odysseus.
Native installs, GPU notes, Windows/macOS instructions, HTTPS, and configuration live in the setup guide.
Features
- Chat + Agents — local/API models, tools, MCP, files, shell, skills, and memory.
- Cookbook — hardware-aware model recommendations, downloads, and serving.
- Deep Research — multi-step web research with source reading and report generation.
- Compare — blind side-by-side model testing and synthesis.
- Documents — writing-first editor with AI edits, suggestions, Markdown, HTML, CSV, and syntax highlighting.
- Email — IMAP/SMTP inbox with triage, tags, summaries, reminders, and reply drafts.
- Notes, Tasks + Calendar — reminders, todos, scheduled agent tasks, and CalDAV sync.
- Extras — gallery/image editor, themes, uploads, web search, presets, sessions, and 2FA.
Demo
A full hover-to-play tour lives on the landing page: docs/index.html.
Contributing
Help is welcome. The best entry points are fresh-install testing, provider setup bugs, mobile/editor polish, docs, and small focused refactors. See CONTRIBUTING.md and ROADMAP.md.
Security
Odysseus is a self-hosted workspace with powerful local tools. Keep auth enabled, keep private data out of Git, and do not expose raw model/service ports publicly. Deployment details are in the setup guide.
Star History
License
AGPL-3.0-or-later -- see LICENSE and ACKNOWLEDGMENTS.md.

